def ensure_policy(principal, secret_arn):
    """Attach to *principal* a managed policy allowing it to read one secret.

    The policy carries a single statement, ``secretsmanager:GetSecretValue``
    on *secret_arn* (least privilege: one action, one resource).  Its name is
    built from this module's name, the principal's ARN resource and the
    secret's name, with ``/`` replaced by ``.`` to keep the name valid.  The
    policy is created or reused via ``ensure_iam_policy`` and then attached.
    """
    principal_part = ARN(principal.arn).resource.replace("/", ".")
    # The secret's ARN resource is "secret:<name>"; keep only the name part.
    secret_part = ARN(secret_arn).resource.split(":")[1].replace("/", ".")
    policy_name = ".".join([__name__, principal_part, secret_part])
    read_secret = IAMPolicyBuilder(action="secretsmanager:GetSecretValue", resource=secret_arn)
    managed_policy = ensure_iam_policy(policy_name, read_secret)
    principal.attach_policy(PolicyArn=managed_policy.arn)
def snapshots(args):
    """Print a table of the EBS snapshots owned by the current AWS account.

    The snapshot collection is restricted to ``OwnerIds=[<this account>]``
    before being filtered and tabulated according to *args*.
    """
    owned_snapshots = resources.ec2.snapshots.filter(OwnerIds=[ARN.get_account_id()])
    table = filter_and_tabulate(owned_snapshots, args)
    page_output(table)
def add_tags(resource, prefix, key):
    """Look up the RDS tags for *resource* and store them under ``"tags"``.

    The RDS ARN is formed from ``prefix`` and ``resource[key]`` joined by a
    colon.  *resource* is modified in place and also returned so the call
    can be used in a ``map``-style pipeline.
    """
    rds_arn = ARN(service="rds", resource=prefix + ":" + resource[key])
    tag_response = clients.rds.list_tags_for_resource(ResourceName=str(rds_arn))
    resource["tags"] = tag_response["TagList"]
    return resource
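def get_ssh_ca_keys(bless_config):
    """Return the SSH CA keys for the BLESS Lambda in the current region.

    Selects the entry of ``bless_config["lambda_config"]["regions"]`` whose
    ``aws_region`` equals the EC2 client's region, derives the Secrets Manager
    ARN of the secret named after the Lambda function (in the account of the
    Lambda role), fetches it and returns the ``ssh_ca_keys`` list joined by
    newlines.

    Raises:
        ValueError: if no regional config entry matches the current region.
            Previously the loop fell through and silently used the last
            entry (or failed with NameError on an empty list).
        KeyError: if an expected key is missing from *bless_config* or from
            the secret's JSON payload.
    """
    current_region = clients.ec2.meta.region_name
    lambda_config = bless_config["lambda_config"]
    regional_config = next(
        (cfg for cfg in lambda_config["regions"] if cfg["aws_region"] == current_region),
        None,
    )
    if regional_config is None:
        raise ValueError("No BLESS lambda_config region entry matches region {}".format(current_region))
    ca_keys_secret_arn = ARN(service="secretsmanager",
                             region=regional_config["aws_region"],
                             account_id=ARN(lambda_config["role_arn"]).account_id,
                             resource="secret:" + lambda_config["function_name"])
    ca_keys_secret = clients.secretsmanager.get_secret_value(SecretId=str(ca_keys_secret_arn))
    ca_keys = json.loads(ca_keys_secret["SecretString"])["ssh_ca_keys"]
    return "\n".join(ca_keys)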
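def get_ssh_ca_keys(bless_config):
    """Return the SSH CA keys for the BLESS Lambda in the current region.

    Selects the entry of ``bless_config["lambda_config"]["regions"]`` whose
    ``aws_region`` equals the EC2 client's region, derives the Secrets Manager
    ARN of the secret named after the Lambda function (in the account of the
    Lambda role), fetches it and returns the ``ssh_ca_keys`` list joined by
    newlines.

    Raises:
        ValueError: if no regional config entry matches the current region.
            Previously the loop fell through and silently used the last
            entry (or failed with NameError on an empty list).
        KeyError: if an expected key is missing from *bless_config* or from
            the secret's JSON payload.
    """
    current_region = clients.ec2.meta.region_name
    lambda_config = bless_config["lambda_config"]
    regional_config = next(
        (cfg for cfg in lambda_config["regions"] if cfg["aws_region"] == current_region),
        None,
    )
    if regional_config is None:
        raise ValueError("No BLESS lambda_config region entry matches region {}".format(current_region))
    ca_keys_secret_arn = ARN(service="secretsmanager",
                             region=regional_config["aws_region"],
                             account_id=ARN(lambda_config["role_arn"]).account_id,
                             resource="secret:" + lambda_config["function_name"])
    ca_keys_secret = clients.secretsmanager.get_secret_value(SecretId=str(ca_keys_secret_arn))
    ca_keys = json.loads(ca_keys_secret["SecretString"])["ssh_ca_keys"]
    return "\n".join(ca_keys)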
def export_log_files(args):
    """Prepare an export of a CloudWatch Logs log group (or stream prefix) to S3.

    Ensures a per-account, per-region export bucket exists with a bucket
    policy for the CloudWatch Logs service principal and a 30-day expiration
    lifecycle, then assembles ``export_task_args`` from *args*.  The
    remainder of the function (the export task call itself) is not shown in
    this excerpt.

    Args:
        args: parsed CLI namespace; reads ``log_group``, ``start_time``,
            ``end_time`` (filled in here when empty) and ``log_stream``.
    """
    # Bucket name is deterministic from account id and region; S3 bucket
    # names are global, so whether ensure_s3_bucket verifies ownership of a
    # pre-existing bucket of this name is not visible here — confirm.
    bucket_name = "aegea-cloudwatch-log-export-{}-{}".format(ARN.get_account_id(), clients.logs.meta.region_name)
    bucket_arn = ARN(service="s3", region="", account_id="", resource=bucket_name)
    logs_principal = {"Service": "logs.amazonaws.com"}
    # Bucket policy: the CloudWatch Logs service may read the bucket ACL and
    # write objects anywhere under it.  NOTE(review): no aws:SourceAccount /
    # aws:SourceArn condition is visible here; if IAMPolicyBuilder supports
    # conditions, scoping the statements to this account would prevent the
    # logs service acting for another account from writing into this bucket.
    policy = IAMPolicyBuilder(action="s3:GetBucketAcl", resource=str(bucket_arn), principal=logs_principal)
    policy.add_statement(action="s3:PutObject", resource=str(bucket_arn) + "/*", principal=logs_principal)
    # Exported objects expire after 30 days; abandoned multipart uploads are
    # aborted after 20 (units per S3BucketLifecycleBuilder, presumably days).
    lifecycle = S3BucketLifecycleBuilder(expiration=dict(Days=30))
    lifecycle.add_rule(abort_incomplete_multipart_upload=20)
    bucket = ensure_s3_bucket(bucket_name, policy=policy, lifecycle=lifecycle)
    # Default the end of the window to "now" (Timestamp("-0s")) at the same
    # precision as start_time; this mutates args in place.
    if not args.end_time:
        args.end_time = Timestamp.match_precision(Timestamp("-0s"), args.start_time)
    # fromTime / to are epoch milliseconds (seconds * 1000).
    export_task_args = dict(logGroupName=args.log_group,
                            fromTime=int(timestamp(args.start_time) * 1000),
                            to=int(timestamp(args.end_time) * 1000),
                            destination=bucket.name)
    if args.log_stream:
        export_task_args.update(logStreamNamePrefix=args.log_stream)
    # Deterministic key prefix: SHA-256 over the canonical (sorted-key) JSON
    # of the task arguments, truncated to 32 hex chars (128 bits), so the
    # same request always lands under the same prefix.  Not a secret.
    cache_key = hashlib.sha256(json.dumps(export_task_args, sort_keys=True).encode()).hexdigest()[:32]
    export_task_args.update(destinationPrefix=cache_key)
def ensure_deploy_iam_policy():
    """Create or refresh the managed IAM policy used by the deploy workflow.

    Statements, in order:

    * ``sqs:*`` on queues named ``github-*`` in every region — a wildcard
      action; narrowing it to the queue operations the deploy flow actually
      needs would shrink this policy's blast radius.
    * ``sns:Subscribe`` on topics named ``github-*``.
    * ``s3:PutObject`` on objects in the ``deploy-status-<account-id>`` bucket.

    Returns the policy object from ``ensure_iam_policy``, named after this module.
    """
    github_queues = ARN(service="sqs", region="*", resource="github-*")
    policy_doc = IAMPolicyBuilder(action="sqs:*", resource=str(github_queues))

    github_topics = ARN(service="sns", resource="github-*")
    policy_doc.add_statement(action="sns:Subscribe", resource=str(github_topics))

    status_objects = ARN(service="s3", region="", account_id="",
                         resource="deploy-status-{}/*".format(ARN.get_account_id()))
    policy_doc.add_statement(action="s3:PutObject", resource=str(status_objects))

    return ensure_iam_policy(__name__, policy_doc)
except ClientError:
user = resources.iam.create_user(UserName=iam_user_name)
topic = resources.sns.create_topic(Name="github-{}-{}-events".format(gh_owner_name, gh_repo_name))
policy = IAMPolicyBuilder(action="sns:Publish", resource=topic.arn)
user.create_policy(PolicyName="sns_send_message", PolicyDocument=str(policy))
for key in user.access_keys.all():
key.delete()
key = user.create_access_key_pair()
repo.create_hook("amazonsns", dict(sns_topic=topic.arn,
sns_region=ARN(topic.arn).region,
aws_key=key.id,
aws_secret=key.secret))
logger.info("Created SNS topic %s and GitHub hook for repo %s", topic, repo)
status_bucket = resources.s3.create_bucket(Bucket="deploy-status-" + ARN(topic.arn).account_id)
logger.info("Created %s", status_bucket)
grant(args)
return dict(topic_arn=topic.arn)