Aws cross account #121

Open
wants to merge 2 commits into
base: master
7 changes: 6 additions & 1 deletion src/main/resources/edda.properties
@@ -50,7 +50,12 @@
# Set the region for the AWS endpoints
#
#
edda.region=us-west-1
edda.region=us-east-1
edda.aws.assumeRoleArn=
edda.aws.assumerole.enabled=true
Contributor


shouldn't set this as the default/example

#edda.aws.accessKey=
#edda.aws.secretKey=


#
# Set a region for a specific account
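Review bot: The default `edda.region` flips from `us-west-1` to `us-east-1` in the same change that adds the cross-account keys, so anyone running on the shipped defaults would start crawling a different region after upgrading; that looks unrelated to the feature and is better left out or called out in the description. The two new keys also use different naming styles, `edda.aws.assumeRoleArn` and `edda.aws.assumerole.enabled`, and only the second is read in the visible Crawler hunk; pick one style (for example `edda.aws.assumeRole.arn` / `edda.aws.assumeRole.enabled`) and put a comment line above each saying what it controls, as the region key has. The commented `#edda.aws.accessKey=` / `#edda.aws.secretKey=` placeholders deserve a comment that long-lived keys in this file are a fallback and that an instance role or an assumed role is preferred.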
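--- a/src/main/scala/com/netflix/edda/Crawler.scala
+++ b/src/main/scala/com/netflix/edda/Crawler.scala
@@ -64,6 +64,8 @@ abstract class Crawler extends Observable {
 lazy val throttle_delay = Utils.getProperty("edda.crawler", "throttle.delay", name, "200")
 lazy val retry_max = Utils.getProperty("edda.crawler", "throttle.maxDelayMultiplier", name, "225")
 lazy val request_delay = Utils.getProperty("edda.crawler", "requestDelay", name, "0")
+lazy val assumeRoleEnabled = Utils.getProperty("edda.aws", "assumerole.enabled", name, "false").get.toBoolean
+
 
 /* number of retries attempted */
 var retry_count = 0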
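Review bot: `Utils.getProperty("edda.aws", "assumerole.enabled", name, "false").get.toBoolean` on the added line throws `IllegalArgumentException` for any value other than true/false, and because it is a `lazy val` the failure surfaces on the first access rather than at startup. The sibling settings (`throttle_delay`, `retry_max`, `request_delay`) keep the property handle without calling `.get`, so this one is also frozen at first read while the others presumably stay reloadable; keep the handle and parse where it is used, or fall back explicitly, e.g. `scala.util.Try(prop.get.toBoolean).getOrElse(false)`. Since the flag appears to select which AWS credentials a crawler uses, add a one-line comment stating what `true` means and log the resolved value once. The class body continues outside the hunk and no use of `assumeRoleEnabled` is visible here.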
128 changes: 70 additions & 58 deletions src/main/scala/com/netflix/edda/aws/AwsClient.scala
@@ -15,30 +15,23 @@
*/
package com.netflix.edda.aws

import com.netflix.edda.Utils

import com.amazonaws.auth.AWSCredentials
import com.amazonaws.auth.BasicAWSCredentials
import com.amazonaws.auth.AWSCredentialsProvider
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider
import com.amazonaws.auth.profile.ProfileCredentialsProvider

import com.amazonaws.services.ec2.AmazonEC2Client
import com.amazonaws.auth._
import com.amazonaws.services.autoscaling.AmazonAutoScalingClient
import com.amazonaws.services.cloudformation.AmazonCloudFormationClient
import com.amazonaws.services.cloudwatch.AmazonCloudWatchClient
import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient
import com.amazonaws.services.ec2.AmazonEC2Client
import com.amazonaws.services.elasticache.AmazonElastiCacheClient
import com.amazonaws.services.elasticloadbalancing.AmazonElasticLoadBalancingClient
import com.amazonaws.services.elasticloadbalancingv2.{AmazonElasticLoadBalancingClient => AmazonElasticLoadBalancingV2Client}
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient
import com.amazonaws.services.s3.AmazonS3Client
import com.amazonaws.services.sqs.AmazonSQSClient
import com.amazonaws.services.cloudwatch.AmazonCloudWatchClient
import com.amazonaws.services.route53.AmazonRoute53Client
import com.amazonaws.services.rds.AmazonRDSClient
import com.amazonaws.services.elasticache.AmazonElastiCacheClient
import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient
import com.amazonaws.services.cloudformation.AmazonCloudFormationClient
import com.amazonaws.services.route53.AmazonRoute53Client
import com.amazonaws.services.s3.AmazonS3Client
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest
import com.amazonaws.services.sqs.AmazonSQSClient
import com.netflix.edda.Utils

object AwsClient {
def mkCredentialProvider(accessKey: String, secretKey: String, arn: String): AWSCredentialsProvider = {
@@ -51,11 +44,12 @@ object AwsClient {
}
}
if (arn.isEmpty) {
provider
provider
} else {
new STSAssumeRoleSessionCredentialsProvider(provider, arn, "edda")
new STSAssumeRoleSessionCredentialsProvider(provider, arn, "edda")
}
}

}


@@ -99,6 +93,11 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
this(AwsClient.mkCredentialProvider(accessKey,secretKey, ""), region)


/* Basic Credintial Provider */
def getBasicCredsProvider = {
InstanceProfileCredentialsProvider.getInstance()
}

/** generate a resource arn */
def arn(resourceAPI: String, resourceType: String, resourceName: String): String = {
"arn:aws:" + resourceAPI + ":" + region + ":" + account + ":" + resourceType + arnSeperator(resourceType) + resourceName
@@ -120,36 +119,41 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/ec2/AmazonEC2Client.html com.amazonaws.services.ec2.AmazonEC2Client]] object */
def ec2 = {
val client = new AmazonEC2Client(provider)
def ec2(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonEC2Client(credsProvider)
client.setEndpoint("ec2." + region + ".amazonaws.com")
client
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/autoscaling/AmazonAutoScalingClient.html com.amazonaws.services.autoscaling.AmazonAutoScalingClient]] object */
def asg = {
val client = new AmazonAutoScalingClient(provider)
def asg(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonAutoScalingClient(credsProvider)
client.setEndpoint("autoscaling." + region + ".amazonaws.com")
client
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/elasticloadbalancing/AmazonElasticLoadBalancingClient.html com.amazonaws.services.elasticloadbalancing.AmazonElasticLoadBalancingClient]] object */
def elb = {
val client = new AmazonElasticLoadBalancingClient(provider)
def elb(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonElasticLoadBalancingClient(credsProvider)
client.setEndpoint("elasticloadbalancing." + region + ".amazonaws.com")
client
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/elasticloadbalancingv2/AmazonElasticLoadBalancingClient.html com.amazonaws.services.elasticloadbalancingv2.AmazonElasticLoadBalancingClient]] object */
def elbv2 = {
val client = new AmazonElasticLoadBalancingV2Client(provider)
def elbv2(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonElasticLoadBalancingV2Client(credsProvider)
client.setEndpoint("elasticloadbalancing." + region + ".amazonaws.com")
client
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3Client.html com.amazonaws.services.s3.AmazonS3Client]] object */
def s3 = {
val client = new AmazonS3Client(provider)
def s3(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonS3Client(credsProvider)
if (region == "us-east-1")
client.setEndpoint("s3.amazonaws.com")
else
@@ -158,8 +162,9 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/identitymanagement/AmazonIdentityManagementClient.html com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient]] object */
def identitymanagement = {
val client = new AmazonIdentityManagementClient(provider)
def identitymanagement(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonIdentityManagementClient(credsProvider)
if (region == "us-gov")
client.setEndpoint("iam.us-gov.amazonaws.com")
else
@@ -168,47 +173,54 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/sqs/AmazonSQSClient.html com.amazonaws.services.sqs.AmazonSQSClient]] object */
def sqs = {
val client = new AmazonSQSClient(provider)
def sqs(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonSQSClient(credsProvider)
client.setEndpoint("sqs." + region + ".amazonaws.com")
client
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloudwatch/AmazonCloudWatchClient.html com.amazonaws.services.cloudwatch.AmazonCloudWatchClient]] object */
def cw = {
val client = new AmazonCloudWatchClient(provider)
def cw(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonCloudWatchClient(credsProvider)
client.setEndpoint("monitoring." + region + ".amazonaws.com")
client
}

/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/route53/AmazonRoute53Client.html com.amazonaws.services.route53.AmazonRoute53Client]] object */
def route53 = {
val client = new AmazonRoute53Client(provider)
client.setEndpoint("route53.amazonaws.com")
client
}
/** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/route53/AmazonRoute53Client.html com.amazonaws.services.route53.AmazonRoute53Client]] object */
def route53(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonRoute53Client(credsProvider)
client.setEndpoint("route53.amazonaws.com")
client
}

def rds = {
val client = new AmazonRDSClient(provider)
client.setEndpoint("rds." + region + ".amazonaws.com")
client
}
def rds(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonRDSClient(credsProvider)
client.setEndpoint("rds." + region + ".amazonaws.com")
client
}

def elasticache = {
val client = new AmazonElastiCacheClient(provider)
def elasticache(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonElastiCacheClient(credsProvider)
client.setEndpoint("elasticache." + region + ".amazonaws.com")
client
}
}

def dynamo = {
val client = new AmazonDynamoDBClient(provider)
client.setEndpoint("dynamodb." + region + ".amazonaws.com")
client
}
def dynamo(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonDynamoDBClient(credsProvider)
client.setEndpoint("dynamodb." + region + ".amazonaws.com")
client
}

def cloudformation = {
val client = new AmazonCloudFormationClient(provider)
def cloudformation(needAssumeRoleProvider : Boolean = false) = {
val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
val client = new AmazonCloudFormationClient(credsProvider)
client.setEndpoint("cloudformation." + region + ".amazonaws.com")
client
}
}
}
}
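Review bot: The new `needAssumeRoleProvider: Boolean = false` default on `ec2`, `asg`, `elb`, `elbv2`, `s3`, `identitymanagement`, `sqs`, `cw`, `route53`, `rds`, `elasticache`, `dynamo` and `cloudformation` makes every client ignore the `provider` this `AwsClient` was constructed with and sign requests with `InstanceProfileCredentialsProvider.getInstance()` unless the caller opts in. An instance built from `accessKey`/`secretKey` or from an assume-role ARN would therefore query AWS as the host's instance role, i.e. a different principal and possibly a different account than the one configured, and off EC2 the instance-profile lookup would presumably fail. Since `mkCredentialProvider` already returns the base provider when `arn` is empty, the choice can be made once at construction and the flag dropped; if the flag stays, default it to the constructed provider and select credentials in one place, e.g. `private def credsFor(assumeRole: Boolean): AWSCredentialsProvider = if (assumeRole) provider else getBasicCredsProvider`. `getBasicCredsProvider` should also be `private` with an explicit `AWSCredentialsProvider` return type, and its comment misspells "Credential".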