Ruby Script by AWS for Identity Federation

#!/usr/bin/ruby

require 'rubygems'
require 'json'
require 'open-uri'
require 'cgi'
require 'aws-sdk'

# The temporary credentials will normally come from your identity
# broker, but for simplicity we create them in place
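sts = AWS::STS.new(:access_key_id => "AKFFAASVASDE",
                   :secret_access_key => "irJa8tNsdfavaercravavraWA")

# A sample policy for the federated session. As written it allows every
# action on every resource; the session's effective permissions are the
# intersection of this policy and the permissions of the IAM user whose
# keys are used above. Narrow :actions (for example "sns:*") to scope
# console access to a single service.
policy = AWS::STS::Policy.new
policy.allow(:actions => "*", :resources => :any)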

session = sts.new_federated_session(
  "FederatedUser(Unni)",
  :policy => policy,
  :duration => 3600)

# The issuer parameter specifies your internal sign-in
# page, for example https://mysignin.internal.mycompany.com/.
# The console parameter specifies the URL to the destination tab of the
# AWS Management Console. As set below, it points at the console's root URL
# rather than a specific service tab.
# The signin parameter is the URL to send the request to.
issuer_url = "http://localhost/"
console_url = "https://console.aws.amazon.com/"
signin_url = "https://signin.aws.amazon.com/federation"

# Create the signin token using temporary credentials,
# including the Access Key ID, Secret Access Key, and security token.

session_json = {
:sessionId => session.credentials[:access_key_id],
:sessionKey => session.credentials[:secret_access_key],
:sessionToken => session.credentials[:session_token]
}.to_json

get_signin_token_url = signin_url + "?Action=getSigninToken&SessionType=json&Session=" + CGI.escape(session_json)
returned_content = URI.parse(get_signin_token_url).read
signin_token = JSON.parse(returned_content)['SigninToken']
signin_token_param = "&SigninToken=" + CGI.escape(signin_token)

# The issuer parameter is optional, but recommended. Use it to direct users
# to your sign-in page when their session expires.
issuer_param = "&Issuer=" + CGI.escape(issuer_url)
destination_param = "&Destination=" + CGI.escape(console_url)

login_url = signin_url + "?Action=login" + signin_token_param + issuer_param + destination_param
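# The login URL embeds the sign-in token, so it acts as a bearer credential
# for the console session; keep it out of shared logs.
puts "Login URL - %s" % login_url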
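
The script above requests a federated session with a policy that allows "*" on any resource. The following is an added example, not part of the original script or of AWS's sample: a standard-library check that can be run over a session policy's JSON before the session is requested. The function name `session_policy_findings`, the constants and both policy documents are constructed for illustration.

```ruby
require 'json'

# Constructed sample: the shape of policy the script above requests.
BROAD_POLICY = {
  'Version' => '2012-10-17',
  'Statement' => [{ 'Effect' => 'Allow', 'Action' => '*', 'Resource' => '*' }]
}.to_json

# Constructed sample: a policy limited to SNS actions.
SNS_POLICY = {
  'Version' => '2012-10-17',
  'Statement' => [{ 'Effect' => 'Allow', 'Action' => 'sns:*', 'Resource' => '*' }]
}.to_json

# Hypothetical helper: returns one finding per Allow entry that is either a
# wildcard across services or names a service outside allowed_services.
def session_policy_findings(policy_json, allowed_services)
  # "Statement" may be a single object or an array of objects.
  statements = [JSON.parse(policy_json)['Statement']].flatten.compact
  findings = []
  statements.each_with_index do |stmt, idx|
    next unless stmt['Effect'] == 'Allow'
    if stmt.key?('NotAction')
      findings << "statement #{idx}: Allow with NotAction grants every action not listed"
      next
    end
    # "Action" may be a single string or an array of strings.
    Array(stmt['Action']).each do |action|
      service, name = action.split(':', 2)
      if name.nil? || service.include?('*')
        findings << "statement #{idx}: wildcard action #{action.inspect}"
      elsif !allowed_services.include?(service.downcase)
        findings << "statement #{idx}: #{action.inspect} is outside #{allowed_services.join(', ')}"
      end
    end
  end
  findings
end

if __FILE__ == $0
  { 'broad' => BROAD_POLICY, 'sns-only' => SNS_POLICY }.each do |label, doc|
    findings = session_policy_findings(doc, ['sns'])
    puts "#{label}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```
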

AS Monitoring-Svr Script

#!/bin/bash

while true
do
rm -f req-values
#Get instance list
as-describe-auto-scaling-groups unni-autoscale-test | awk '{print $2}' | grep -v unni-autoscale-test > inst-list

#retrieving public ip address from the instance address
for i in `cat /home/unni/as-test/inst-list`; do
ec2-describe-instances $i | awk '{print $4}' | grep amazonaws.com >> ip-list
done

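#retrieving access log values
# StrictHostKeyChecking=no turns off SSH host key verification for these
# freshly launched instances, so the identity of the remote host is not checked.
for i in `cat /home/unni/as-test/ip-list`; do
ssh -i unni.pem -o StrictHostKeyChecking=no ubuntu@$i source /home/ubuntu/requestretriever.sh >> req-values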
done

#requestretriever.sh is the name of the script running in the host machines.

rm ip-list

#taking average and uploading it to cloudwatch
avg=`awk '{s+=$1} END {print "Average: " s/NR}' req-values | awk '{print $2}'`

mon-put-data -m "RequestCount" --namespace UnniCustomMetric --dimensions "instance=i-virtual01,servertype=apache" --value $avg -u Bytes

done

Create an AMI of EBS-backed-Instance for backup

This is an excerpt from a script running on a Chef-built Debian EC2 instance.

OS – Debian Squeeze

Assuming the EC2 API tools are installed and configured.

Also export the environment variables (to avoid using the -C and -K flags in each command):

export EC2_PRIVATE_KEY=/root/ec2-certs/pk-47OH3YSOZRKGXYH4P2MXKW6YDEKOHGGV.pem
export EC2_CERT=/root/ec2-certs/cert-47OH3YSOZRKGXYH4P2MXKW6YDEKOHGGV.pem

###### To obtain instance ID #########

#inst_id=`cat /opt/smart/log.txt | grep Instance | awk '{print $3}'`

The above command is used on a Chef-based instance. log.txt holds the redirected output of the knife create command.

inst_id=i-s123456

Command to create an AMI:
#ec2-create-image -n "Test unni" --description "To be deleted" --no-reboot i-f123456


printf "`ec2-create-image -n "Instance-name-$Cur" --description "Instance-info-$Cur" --no-reboot $inst_id` `date +%Y-%m-%d`\n" >> /opt/scripts/ami.txt


Note: The printf command logs the AMI IDs in chronological order by writing the date beside each one.

############# Snapshots Log ####################

##Assuming 2 EBS volumes are attached, which appear as /dev/sda and /dev/sdi in the instance.

amiid=`cat /opt/scripts/ami.txt | grep $Cur | awk '{print $2}'`

printf "`ec2-describe-images $amiid | grep /dev/sda | awk '{print $3}'` `date +%Y-%m-%d` `echo /dev/sda`\n" >> /opt/scripts/ami_snapshots.txt

printf "`ec2-describe-images $amiid | grep /dev/sdi | awk '{print $3}'` `date +%Y-%m-%d` `echo /dev/sdi`\n" >> /opt/scripts/ami_snapshots.txt

#################### Deregister AMI ###############
# Retention Policy 5 days

amiold=`cat /opt/scripts/ami.txt | grep $C | awk '{print $2}'`
ec2-deregister $amiold

############# Delete Snapshots ####################
snap1=`cat /opt/scripts/ami_snapshots.txt | grep $C | grep /dev/sda | awk '{print $1}'`
snap2=`cat /opt/scripts/ami_snapshots.txt | grep $C | grep /dev/sdi | awk '{print $1}'`

ec2-delete-snapshot $snap1
ec2-delete-snapshot $snap2

Other useful related commands are:
* ec2-describe-images
* ec2-describe-snapshots

Take EBS Snapshot with 3 days of retention

NOTE: This script was created for Chef-built instances, so the log (/opt/log.txt) that captures the stdout output is where the instance ID is fetched from. A 50GB EBS volume is also attached on the fly by Chef.

#!/bin/bash

C=`date +%Y-%m-%d --date='3 days ago'`

###### To obtain instance ID #########

inst_id=`cat /opt/log.txt | grep Instance | awk '{print $3}'`

####### To obtain volume ID #######

ec2-describe-volumes -K /opt/EC2_API_Certs/pk-4GV.pem -C /opt/EC2_API_Certs/cert-47OH3YSO.pem --region us-east-1 | grep $inst_id | grep /dev/sdi | awk '{print $2}' > /opt/volID.txt

id=`cat /opt/volID.txt`

##### To create snapshots and log into snapshot_log.txt ######

ec2-create-snapshot $id -K /opt/EC2_API_Certs/pk-47OH.pem -C /opt/EC2_API_Certs/cert-47OH3Y.pem --region us-east-1 >> /opt/scripts/snapshot_log.txt

###### To put up list of volumes ######

ec2-describe-snapshots -K /opt/EC2_API_Certs/pk-47OHGV.pem -C /opt/EC2_API_Certs/cert-47OH3YSOZR.pem --region us-east-1 | grep $id >> /opt/scripts/snaplist

####### To sieve the snapids to be deleted into a file and delete them one by one ############

cat /opt/scripts/snaplist | grep $C | awk '{print $2}' | sort -u > /opt/scripts/delsnaps

for i in `cat /opt/scripts/delsnaps`; do ec2-delete-snapshot $i -K /opt/EC2_API_Certs/pk-47OH3Y.pem -C /opt/EC2_API_Certs/cert-47.pem --region us-east-1; done