From 2e561bfb299501a8632a032c6aa67601f3c4a67c Mon Sep 17 00:00:00 2001
From: Timothy Middelkoop <tmiddelkoop@internet2.edu>
Date: Thu, 11 Nov 2021 21:58:42 -0600
Subject: [PATCH] AWS VM tools

---
 Build.md                  |  4 ++
 scripts/aws-create.sh     | 75 ++++++++++++++++++++++++++++++++++++++
 scripts/aws-delete.sh     | 13 +++++++
 scripts/aws-vpc-create.sh | 77 +++++++++++++++++++++++++++++++++++++++
 scripts/aws-vpc-delete.sh | 43 ++++++++++++++++++++++
 5 files changed, 212 insertions(+)
 create mode 100755 scripts/aws-create.sh
 create mode 100755 scripts/aws-delete.sh
 create mode 100755 scripts/aws-vpc-create.sh
 create mode 100755 scripts/aws-vpc-delete.sh

diff --git a/Build.md b/Build.md
index 852be0a..3942f65 100644
--- a/Build.md
+++ b/Build.md
@@ -39,3 +39,7 @@ export GOOGLE_CLOUD_PROJECT=just-armor-301114
 export DEVSHELL_PROJECT_ID=$GOOGLE_CLOUD_PROJECT
 gcloud config set project $GOOGLE_CLOUD_PROJECT
 ```
+
+## AWS
+
+Expect that `aws` is installed locally.  A ssh-key named 'learner' is required to access the account.
diff --git a/scripts/aws-create.sh b/scripts/aws-create.sh
new file mode 100755
index 0000000..43e7941
--- /dev/null
+++ b/scripts/aws-create.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# Options
+BRANCH="${1:-aws-dev}" # checkout branch $1
+
+# Static Config - update aws-*.sh files
+NAME=learner
+VM=essentials
+PROJECT=CLASS-Essentials
+GITHUB=github.internet2.edu
+REPO="git@${GITHUB}:CLASS/${PROJECT}.git"
+
+echo "=== aws-create.sh $PROJECT $BRANCH"
+
+VPC=$(aws ec2 describe-vpcs --filter "Name=tag:Name,Values=${VM}" --query "Vpcs[].VpcId" --output text)
+SUBNET=$(aws ec2 describe-subnets --filter "Name=tag:Name,Values=${VM}" --query "Subnets[].SubnetId" --output text)
+SG=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=${VM}" --query "SecurityGroups[].GroupId" --output text)
+
+echo "+++ networking: $VM $VPC $SUBNET $SG"
+if [ -z "${VPC}" -o -z "${SUBNET}" -o -z "${SG}" ] ; then
+    echo "--- '${VM}' networking does not exist.  Use 'aws-vpc-create.sh' to create"
+    exit 1
+fi
+
+IP=$(aws ec2 describe-instances --filters 'Name=instance-state-name,Values=running' 'Name=tag:Name,Values=essentials' --query "Reservations[*].Instances[*].PublicIpAddress" --output text --no-cli-pager)
+if [ -z "${IP}" ] ; then
+    echo "+++ creating VM"
+    aws ec2 run-instances \
+        --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=$VM}]" \
+        --image-id resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 \
+        --instance-type m6i.large \
+        --subnet-id $SUBNET \
+        --security-group-ids $SG \
+        --key-name $NAME \
+        --no-cli-pager
+fi
+
+while [ -z ${IP:=$(aws ec2 describe-instances --filters 'Name=instance-state-name,Values=running' "Name=tag:Name,Values=${VM}" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text --no-cli-pager)} ] ; do
+    echo "+++ waiting for IP"
+    sleep 1
+done
+
+echo "+++ wait for boot and cloud-init ${VM} ${IP}"
+ssh-keygen -R $IP
+while ! ssh ec2-user@$IP sudo cloud-init status --wait ; do
+    sleep 1
+done
+
+echo "+++ configuring VM"
+
+ssh ec2-user@$IP -A <<EOF
+sudo yum install -y git python3-pip python3-venv bash-completion
+ssh-keyscan ${GITHUB} > .ssh/known_hosts
+git config --global color.ui auto
+git config --global push.default simple
+git config --global pull.ff only
+git config --global user.name "$(git config user.name)"
+git config --global user.email "$(git config user.name)"
+git clone --branch $BRANCH $REPO
+EOF
+
+echo "+++ configure ~/.ssh/$VM.config"
+cat > ~/.ssh/$VM.config <<EOF
+Host essentials
+    HostName $IP
+    CheckHostIP=no
+    ForwardAgent=yes
+    User=ec2-user
+EOF
+
+echo "+++ starting Jypter"
+ssh ec2-user@$IP -t -L 8080:localhost:8080 -L 8081:localhost:8081 "cd $PROJECT ; ./scripts/jupyter-lab.sh"
+
+echo "+++ ssh command"
+echo "ssh ec2-user@$IP"
\ No newline at end of file
diff --git a/scripts/aws-delete.sh b/scripts/aws-delete.sh
new file mode 100755
index 0000000..d9ef2f3
--- /dev/null
+++ b/scripts/aws-delete.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+## Settings copied from aws-create.sh
+VM=essentials
+
+echo "=== aws-delete.sh $VM"
+
+INSTANCE=$(aws ec2 describe-instances --filters 'Name=instance-state-name,Values=running' 'Name=tag:Name,Values=essentials' --query "Reservations[*].Instances[*].InstanceId" --output text --no-cli-pager)
+
+if [ -n "${INSTANCE}" ] ; then
+    echo "+++ terminating $VM $INSTANCE"
+    aws ec2 terminate-instances --instance-id $INSTANCE --no-cli-pager
+fi
diff --git a/scripts/aws-vpc-create.sh b/scripts/aws-vpc-create.sh
new file mode 100755
index 0000000..927d0b3
--- /dev/null
+++ b/scripts/aws-vpc-create.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+## Settings copied from aws-create.sh
+VM=essentials
+
+## Create a simple VPC.
+echo "===  aws-vpc-create.sh"
+
+echo "+++ creating '$VM' networking allowing internal traffic and external ssh and ICMP access"
+aws ec2 create-vpc \
+    --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=$VM}]" \
+    --cidr-block 10.0.0.0/16 \
+    --no-cli-pager
+VPC=$(aws ec2 describe-vpcs --filter "Name=tag:Name,Values=${VM}" --query "Vpcs[].VpcId" --output text)
+echo "+++ created VPC $VPC"
+
+aws ec2 create-subnet \
+    --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=$VM}]" \
+    --vpc-id $VPC \
+    --cidr-block 10.0.0.0/16 \
+    --no-cli-pager
+SUBNET=$(aws ec2 describe-subnets --filter "Name=tag:Name,Values=${VM}" --query "Subnets[].SubnetId" --output text)
+echo "+++ created subnet $SUBNET"
+
+aws ec2 create-security-group \
+    --group-name $VM \
+    --description $VM \
+    --vpc-id $VPC \
+    --no-cli-pager
+SG=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=${VM}" --query "SecurityGroups[].GroupId" --output text)
+echo "+++ created security group $SG"
+
+# SSH, ICMP
+aws ec2 authorize-security-group-ingress \
+    --group-id $SG \
+    --protocol=tcp --port=22 --cidr 0.0.0.0/0 \
+    --no-cli-pager
+aws ec2 authorize-security-group-ingress \
+    --group-id $SG \
+    --protocol=icmp --port=-1 --cidr 0.0.0.0/0 \
+    --no-cli-pager
+
+aws ec2 create-internet-gateway \
+    --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=$VM}]" \
+    --no-cli-pager
+IG=$(aws ec2 describe-internet-gateways --filters "Name=tag:Name,Values=${VM}" --query "InternetGateways[].InternetGatewayId" --output text)
+echo "+++ created internet gateway $IG"
+
+aws ec2 attach-internet-gateway \
+    --internet-gateway-id $IG \
+    --vpc-id $VPC \
+    --no-cli-pager
+
+aws ec2 create-route-table \
+    --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=$VM}]" \
+    --vpc-id $VPC \
+    --no-cli-pager
+RT=$(aws ec2 describe-route-tables --filters "Name=tag:Name,Values=${VM}" --query "RouteTables[].RouteTableId" --output text)
+echo "+++ created route table $RT"
+
+aws ec2 create-route \
+    --route-table-id $RT \
+    --gateway-id $IG \
+    --destination-cidr-block 0.0.0.0/0 \
+    --no-cli-pager
+
+aws ec2 associate-route-table \
+    --route-table-id $RT \
+    --subnet-id $SUBNET \
+    --no-cli-pager
+
+aws ec2 modify-subnet-attribute \
+    --subnet-id $SUBNET \
+    --map-public-ip-on-launch \
+    --no-cli-pager
+
+echo "+++ networking: $VM,$VPC,$SUBNET,$SG,$IG,$RT."
diff --git a/scripts/aws-vpc-delete.sh b/scripts/aws-vpc-delete.sh
new file mode 100755
index 0000000..50bbd00
--- /dev/null
+++ b/scripts/aws-vpc-delete.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# References:
+# * https://docs.aws.amazon.com/vpc/latest/userguide/vpc-subnets-commands-example.html
+
+# Settings in aws-create.sh
+VM=essentials
+
+echo "=== aws-vpc-delete.sh $VM"
+
+VPC=$(aws ec2 describe-vpcs --filter "Name=tag:Name,Values=${VM}" --query "Vpcs[].VpcId" --output text)
+SUBNET=$(aws ec2 describe-subnets --filter "Name=tag:Name,Values=${VM}" --query "Subnets[].SubnetId" --output text)
+SG=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=${VM}" --query "SecurityGroups[].GroupId" --output text)
+IG=$(aws ec2 describe-internet-gateways --filters "Name=tag:Name,Values=${VM}" --query "InternetGateways[].InternetGatewayId" --output text)
+RT=$(aws ec2 describe-route-tables --filters "Name=tag:Name,Values=${VM}" --query "RouteTables[].RouteTableId" --output text)
+echo "+++ networking: $VM,$VPC,$SUBNET,$SG,$IG,$RT."
+
+if [ -n "${SG}" ] ; then
+    echo "+++ terminating $VM $SG"
+    aws ec2 delete-security-group --group-id $SG --no-cli-pager
+fi
+
+if [ -n "${SUBNET}" ] ; then
+    echo "+++ terminating $VM $SUBNET"
+    aws ec2 delete-subnet --subnet-id $SUBNET --no-cli-pager
+fi
+
+if [ -n "${RT}" ] ; then
+    echo "+++ terminating $VM $RT"
+    aws ec2 delete-route-table --route-table-id $RT --no-cli-pager
+fi
+
+if [ -n "${IG}" ] ; then
+    echo "+++ terminating $VM $IG"
+    aws ec2 detach-internet-gateway --internet-gateway-id $IG --vpc-id $VPC --no-cli-pager
+    aws ec2 delete-internet-gateway --internet-gateway-id $IG --no-cli-pager
+fi
+
+if [ -n "${VPC}" ] ; then
+    echo "+++ terminating $VM $VPC"
+    aws ec2 delete-vpc --vpc-id $VPC --no-cli-pager
+fi
+