Beispiel #1
0
func (c *CloudWatch) Connect() error {
	Config := &aws.Config{
		Region: aws.String(c.Region),
		Credentials: credentials.NewChainCredentials(
			[]credentials.Provider{
				&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New())},
				&credentials.EnvProvider{},
				&credentials.SharedCredentialsProvider{},
			}),
	}

	svc := cloudwatch.New(session.New(Config))

	params := &cloudwatch.ListMetricsInput{
		Namespace: aws.String(c.Namespace),
	}

	_, err := svc.ListMetrics(params) // Try a read-only call to test connection.

	if err != nil {
		log.Printf("cloudwatch: Error in ListMetrics API call : %+v \n", err.Error())
	}

	c.svc = svc

	return err
}
Beispiel #2
0
func (t *TextDetail) SetAwsInfo(region string) error {
	meta := ec2metadata.New(session.New(), &aws.Config{Region: aws.String(region)})
	instance_id, err := meta.GetMetadata("instance-id")

	svc := ec2.New(session.New(), &aws.Config{Region: aws.String(region)})

	res, err := svc.DescribeInstances(nil)
	if err != nil {
		return err
	}

	tag_name := ""

	for _, r := range res.Reservations {
		for _, i := range r.Instances {
			if *i.InstanceId == instance_id {
				tag_name = *i.Tags[0].Value
			}
		}
	}

	t.AwsInstanceId = instance_id
	t.AwsTagName = tag_name

	return nil
}
func TestEC2RoleProviderExpiryWindowIsExpired(t *testing.T) {
	server := initTestServer("2014-12-16T01:51:37Z", false)
	defer server.Close()

	p := &ec2rolecreds.EC2RoleProvider{
		Client:       ec2metadata.New(&ec2metadata.Config{Endpoint: aws.String(server.URL + "/latest")}),
		ExpiryWindow: time.Hour * 1,
	}
	p.CurrentTime = func() time.Time {
		return time.Date(2014, 12, 15, 0, 51, 37, 0, time.UTC)
	}

	assert.True(t, p.IsExpired(), "Expect creds to be expired before retrieve.")

	_, err := p.Retrieve()
	assert.Nil(t, err, "Expect no error")

	assert.False(t, p.IsExpired(), "Expect creds to not be expired after retrieve.")

	p.CurrentTime = func() time.Time {
		return time.Date(2014, 12, 16, 0, 55, 37, 0, time.UTC)
	}

	assert.True(t, p.IsExpired(), "Expect creds to be expired.")
}
Beispiel #4
0
func (p *amazon) getRegion() (string, error) {
	if len(p.c.Region) == 0 {
		meta := ec2metadata.New(&ec2metadata.Config{})
		return meta.Region()
	}
	return p.c.Region, nil
}
Beispiel #5
0
func main() {
	kingpin.Parse()

	me := ec2metadata.New(session.New(), &aws.Config{})
	region, err := me.Region()
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	cw := cloudwatch.New(session.New(&aws.Config{Region: aws.String(region)}))
	as := autoscaling.New(session.New(&aws.Config{Region: aws.String(region)}))

	// Get the name of this instance.
	instance, err := me.GetMetadata("instance-id")
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	log.Printf("Instance: %s", instance)

	// Check if this instance is in an auto scaling group.
	gps, err := as.DescribeAutoScalingInstances(&autoscaling.DescribeAutoScalingInstancesInput{
		InstanceIds: []*string{
			aws.String(instance),
		},
	})
	if err == nil && len(gps.AutoScalingInstances) > 0 {
		group = *gps.AutoScalingInstances[0].AutoScalingGroupName
		log.Printf("AutoScaling group: %s", group)
	}

	// Loop and send to the backend.
	limiter := time.Tick(time.Second * 60)
	for {
		<-limiter

		// Submit all the values.
		for _, mn := range strings.Split(*cliMetrics, ",") {
			m, err := metric.New(mn)
			if err != nil {
				log.Printf("Cannot find metric: %s" + mn)
				continue
			}

			v, err := m.Value()
			if err != nil {
				log.Println("Cannot get metric.")
			}

			// Send the instance metrics.
			Send(cw, "InstanceId", instance, m.Name(), v)

			// Send the autoscaling.
			if group != "" {
				Send(cw, "AutoScalingGroupName", group, m.Name(), v)
			}
		}
	}
}
Beispiel #6
0
func NewAwsAsgEbs(maxRetries int) *AwsAsgEbs {
	awsAsgEbs := &AwsAsgEbs{}

	metadata := ec2metadata.New(session.New())

	region, err := metadata.Region()
	if err != nil {
		log.WithFields(log.Fields{"error": err}).Fatal("Failed to get region from instance metadata")
	}
	log.WithFields(log.Fields{"region": region}).Info("Setting region")
	awsAsgEbs.Region = region

	availabilityZone, err := metadata.GetMetadata("placement/availability-zone")
	if err != nil {
		log.WithFields(log.Fields{"error": err}).Fatal("Failed to get availability zone from instance metadata")
	}
	log.WithFields(log.Fields{"az": availabilityZone}).Info("Setting availability zone")
	awsAsgEbs.AvailabilityZone = availabilityZone

	instanceId, err := metadata.GetMetadata("instance-id")
	if err != nil {
		log.WithFields(log.Fields{"error": err}).Fatal("Failed to get instance id from instance metadata")
	}
	log.WithFields(log.Fields{"instance_id": instanceId}).Info("Setting instance id")
	awsAsgEbs.InstanceId = instanceId

	awsAsgEbs.AwsConfig = aws.NewConfig().
		WithRegion(region).
		WithCredentials(ec2rolecreds.NewCredentials(session.New())).
		WithMaxRetries(maxRetries)

	return awsAsgEbs
}
Beispiel #7
0
func NewEbsVolumeDriver() (VolumeDriver, error) {
	d := &ebsVolumeDriver{
		volumes: make(map[string]*ebsVolume),
	}

	ec2sess := session.New()
	d.ec2meta = ec2metadata.New(ec2sess)

	// Fetch AWS information, validating along the way.
	if !d.ec2meta.Available() {
		return nil, errors.New("Not running on an EC2 instance.")
	}
	var err error
	if d.awsInstanceId, err = d.ec2meta.GetMetadata("instance-id"); err != nil {
		return nil, err
	}
	if d.awsRegion, err = d.ec2meta.Region(); err != nil {
		return nil, err
	}
	if d.awsAvailabilityZone, err =
		d.ec2meta.GetMetadata("placement/availability-zone"); err != nil {
		return nil, err
	}

	d.ec2 = ec2.New(ec2sess, &aws.Config{Region: aws.String(d.awsRegion)})

	// Print some diagnostic information and then return the driver.
	log("Auto-detected EC2 information:\n")
	log("\tInstanceId        : %v\n", d.awsInstanceId)
	log("\tRegion            : %v\n", d.awsRegion)
	log("\tAvailability Zone : %v\n", d.awsAvailabilityZone)
	return d, nil
}
Beispiel #8
0
func initAWS() {
	defer Track("initAWS", Now(), debugOut)

	AWSSession = session.New()

	// Region
	if GlobalConfig.Get("awsRegion") != "" {
		// CLI trumps
		AWSSession.Config.Region = aws.String(GlobalConfig.Get("awsRegion"))
	} else if os.Getenv("AWS_REGION") == "" {
		// Grab it from this EC2 instace
		region, err := ec2metadata.New(session.New()).Region()
		if err != nil {
			fmt.Printf("Cannot set AWS region: '%v'\n", err)
			os.Exit(1)
		}
		AWSSession.Config.Region = aws.String(region)
	}

	// Creds
	if GlobalConfig.Get("awsAccessKey") != "" && GlobalConfig.Get("awsSecretKey") != "" {
		// CLI trumps
		creds := credentials.NewStaticCredentials(
			GlobalConfig.Get("awsAccessKey"),
			GlobalConfig.Get("awsSecretKey"),
			"")
		AWSSession.Config.Credentials = creds
	}

}
// Retrieve retrieves credentials from the EC2 service.
// Error will be returned if the request fails, or unable to extract
// the desired credentials.
func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
	if m.Client == nil {
		m.Client = ec2metadata.New(nil)
	}

	credsList, err := requestCredList(m.Client)
	if err != nil {
		return credentials.Value{}, err
	}

	if len(credsList) == 0 {
		return credentials.Value{}, awserr.New("EmptyEC2RoleList", "empty EC2 Role list", nil)
	}
	credsName := credsList[0]

	roleCreds, err := requestCred(m.Client, credsName)
	if err != nil {
		return credentials.Value{}, err
	}

	m.SetExpiration(roleCreds.Expiration, m.ExpiryWindow)

	return credentials.Value{
		AccessKeyID:     roleCreds.AccessKeyID,
		SecretAccessKey: roleCreds.SecretAccessKey,
		SessionToken:    roleCreds.Token,
	}, nil
}
Beispiel #10
0
func TestGetUserData_Error(t *testing.T) {
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		reader := strings.NewReader(`<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 - Not Found</title>
 </head>
 <body>
  <h1>404 - Not Found</h1>
 </body>
</html>`)
		w.Header().Set("Content-Type", "text/html")
		w.Header().Set("Content-Length", fmt.Sprintf("%d", reader.Len()))
		w.WriteHeader(http.StatusNotFound)
		io.Copy(w, reader)
	}))

	defer server.Close()
	c := ec2metadata.New(unit.Session, &aws.Config{Endpoint: aws.String(server.URL + "/latest")})

	resp, err := c.GetUserData()
	assert.Error(t, err)
	assert.Empty(t, resp)

	aerr, ok := err.(awserr.Error)
	assert.True(t, ok)
	assert.Equal(t, "NotFoundError", aerr.Code())
}
Beispiel #11
0
// Config returns a valid aws.Config object for access to AWS services, or
// an error if the authentication and region couldn't be resolved
func (c *AccessConfig) Config() (*aws.Config, error) {
	var creds *credentials.Credentials

	region, err := c.Region()
	if err != nil {
		return nil, err
	}
	config := aws.NewConfig().WithRegion(region).WithMaxRetries(11)
	if c.ProfileName != "" {
		profile, err := NewFromProfile(c.ProfileName)
		if err != nil {
			return nil, err
		}
		creds, err = profile.CredentialsFromProfile(config)
		if err != nil {
			return nil, err
		}
	} else {
		sess := session.New(config)
		creds = credentials.NewChainCredentials([]credentials.Provider{
			&credentials.StaticProvider{Value: credentials.Value{
				AccessKeyID:     c.AccessKey,
				SecretAccessKey: c.SecretKey,
				SessionToken:    c.Token,
			}},
			&credentials.EnvProvider{},
			&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
			&ec2rolecreds.EC2RoleProvider{
				Client: ec2metadata.New(sess),
			},
		})
	}
	return config.WithCredentials(creds), nil
}
func main() {
	kingpin.Version("2.1.0")
	kingpin.Parse()

	sl, err := syslog.New(syslog.LOG_NOTICE|syslog.LOG_LOCAL0, "[varnish-purge-proxy]")
	defer sl.Close()
	if err != nil {
		log.Println("Error writing to syslog")
	} else {
		log.SetFlags(0)
		log.SetOutput(sl)
	}

	if len(*tags) == 0 {
		fmt.Println("No tags specified")
		return
	}

	region, err = ec2metadata.New(session.New()).Region()
	if err != nil {
		log.Printf("Unable to retrieve the region from the EC2 instance %v\n", err)
	}

	// Set up access to ec2
	svc := ec2.New(session.New(), &aws.Config{Region: &region})

	go serveHTTP(*port, *listen, svc)

	select {}
}
Beispiel #13
0
func TestMetadataNotAvailable(t *testing.T) {
	c := ec2metadata.New(nil)

	available := c.Available()

	assert.False(t, available)
}
Beispiel #14
0
func main() {

	meta := ec2metadata.New(session.New())
	if meta.Available() == false {
		fmt.Println("Not an EC2 instance or Metadata service unavailable")
		os.Exit(2)
	}

	if len(os.Args) < 2 {
		fmt.Println("Please supply an attribute to query or -h for help")
		os.Exit(1)
	}

	if os.Args[1] == "-h" || os.Args[1] == "--help" {
		showHelp(meta)
		os.Exit(0)
	}

	var result string
	var err error

	if strings.ToLower(os.Args[1]) == "region" {
		result, err = meta.Region()
	} else {
		result, err = meta.GetMetadata(strings.ToLower(os.Args[1]))
	}

	if err != nil {
		fmt.Println("Problem querying metadata service.")
		os.Exit(2)
	}

	fmt.Println(result)

}
Beispiel #15
0
func New(debug bool) MetadataFetcher {
	c := ec2metadata.Config{}
	if debug {
		c.LogLevel = aws.LogLevel(aws.LogDebug)
	}
	return ec2metadata.New(&c)
}
Beispiel #16
0
func NewEC2Info(route *router.Route) (EC2Info, error) {
	_, skip_ec2 := route.Options[`NOEC2`]
	if skip_ec2 || (os.Getenv(`NOEC2`) != "") {
		return EC2Info{}, nil
	}
	// get my instance ID
	mySession := session.New()
	metadataSvc := ec2metadata.New(mySession)
	if !metadataSvc.Available() {
		log.Println("cloudwatch: WARNING EC2 Metadata service not available")
		return EC2Info{}, nil
	}
	instance_id, err := metadataSvc.GetMetadata(`instance-id`)
	if err != nil {
		return EC2Info{}, fmt.Errorf("ERROR getting instance ID: %s", err)
	}
	region, err := metadataSvc.Region()
	if err != nil {
		return EC2Info{}, fmt.Errorf("ERROR getting EC2 region: %s", err)
	}
	return EC2Info{
		InstanceID: instance_id,
		Region:     region,
	}, nil
}
Beispiel #17
0
func NewEBSService() (*ebsService, error) {
	var err error

	s := &ebsService{}
	s.metadataClient = ec2metadata.New(nil)
	if !s.isEC2Instance() {
		return nil, fmt.Errorf("Not running on an EC2 instance")
	}

	s.InstanceID, err = s.metadataClient.GetMetadata("instance-id")
	if err != nil {
		return nil, err
	}

	s.Region, err = s.metadataClient.Region()
	if err != nil {
		return nil, err
	}

	s.AvailabilityZone, err = s.metadataClient.GetMetadata("placement/availability-zone")
	if err != nil {
		return nil, err
	}

	config := aws.NewConfig().WithRegion(s.Region)
	s.ec2Client = ec2.New(config)

	return s, nil
}
Beispiel #18
0
func New(debug bool) MetadataFetcher {
	sess := session.New()
	if debug {
		sess.Config.LogLevel = aws.LogLevel(aws.LogDebug)
	}
	return ec2metadata.New(sess)
}
Beispiel #19
0
func (g *S3Getter) getAWSConfig(region string, creds *credentials.Credentials) *aws.Config {
	conf := &aws.Config{}
	if creds == nil {
		// Grab the metadata URL
		metadataURL := os.Getenv("AWS_METADATA_URL")
		if metadataURL == "" {
			metadataURL = "http://169.254.169.254:80/latest"
		}

		creds = credentials.NewChainCredentials(
			[]credentials.Provider{
				&credentials.EnvProvider{},
				&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
				&ec2rolecreds.EC2RoleProvider{
					Client: ec2metadata.New(session.New(&aws.Config{
						Endpoint: aws.String(metadataURL),
					})),
				},
			})
	}

	conf.Credentials = creds
	if region != "" {
		conf.Region = aws.String(region)
	}

	return conf
}
Beispiel #20
0
func getAwsMetadata(name string) string {
	client := ec2metadata.New(session.New(&aws.Config{}))
	data, err := client.GetMetadata(name)
	if err != nil {
		return info.UnknownInstance
	}
	return data
}
Beispiel #21
0
func getRegion() string {
	metaClient := ec2metadata.New(session.New(&aws.Config{}))
	region, err := metaClient.Region()
	if err != nil {
		log.Fatal(err)
	}
	return region
}
Beispiel #22
0
// Get instance id from the metadata service
func getMyInstanceId() string {
	mdConfig := ec2metadata.New(&ec2metadata.Config{})
	id, err := mdConfig.GetMetadata("instance-id")
	if err != nil {
		return ""
	}
	return id
}
Beispiel #23
0
// Gets the region from the metadata service
// fallback parameter specifies the region to use if there is an error
func getMetadataRegion(fallback string) string {
	metaClient := ec2metadata.New(&ec2metadata.Config{})
	region, err := metaClient.Region()
	if err != nil {
		return fallback
	}
	return region
}
Beispiel #24
0
func getRegionFromInstanceMetaData() (region string) {
	metadata := ec2metadata.New(session.New())
	region, err := metadata.Region()
	if err != nil {
		panic(err)
	}
	return region
}
Beispiel #25
0
// discoverEc2Hosts searches an AWS region, returning a list of instance ips
// where EC2TagKey = EC2TagValue
func (c *Config) discoverEc2Hosts(logger *log.Logger) ([]string, error) {
	config := c.RetryJoinEC2

	ec2meta := ec2metadata.New(session.New())
	if config.Region == "" {
		logger.Printf("[INFO] agent: No EC2 region provided, querying instance metadata endpoint...")
		identity, err := ec2meta.GetInstanceIdentityDocument()
		if err != nil {
			return nil, err
		}
		config.Region = identity.Region
	}

	awsConfig := &aws.Config{
		Region: &config.Region,
		Credentials: credentials.NewChainCredentials(
			[]credentials.Provider{
				&credentials.StaticProvider{
					Value: credentials.Value{
						AccessKeyID:     config.AccessKeyID,
						SecretAccessKey: config.SecretAccessKey,
					},
				},
				&credentials.EnvProvider{},
				&credentials.SharedCredentialsProvider{},
				defaults.RemoteCredProvider(*(defaults.Config()), defaults.Handlers()),
			}),
	}

	svc := ec2.New(session.New(), awsConfig)

	resp, err := svc.DescribeInstances(&ec2.DescribeInstancesInput{
		Filters: []*ec2.Filter{
			{
				Name: aws.String("tag:" + config.TagKey),
				Values: []*string{
					aws.String(config.TagValue),
				},
			},
		},
	})

	if err != nil {
		return nil, err
	}

	var servers []string
	for i := range resp.Reservations {
		for _, instance := range resp.Reservations[i].Instances {
			// Terminated instances don't have the PrivateIpAddress field
			if instance.PrivateIpAddress != nil {
				servers = append(servers, *instance.PrivateIpAddress)
			}
		}
	}

	return servers, nil
}
Beispiel #26
0
func getAWSConfig(c *cli.Context) *aws.Config {
	creds := credentials.NewChainCredentials(
		[]credentials.Provider{
			&credentials.EnvProvider{},
			&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New(&aws.Config{})), ExpiryWindow: 5 * time.Minute},
		})
	region := c.GlobalString("region")
	return &aws.Config{Credentials: creds, Region: aws.String(region)}
}
Beispiel #27
0
func findInstanceID() string {
	metaClient := ec2metadata.New(session.New(&aws.Config{}))
	instanceID, err := metaClient.GetMetadata("instance-id")

	if err != nil {
		log.Fatal(err)
	}
	return instanceID
}
func getRegion() string {
	c := ec2metadata.New(session.New())
	r, err := c.Region()
	if err != nil {
		log.Fatalln("Failed to get region from the metadata service.")
		return ""
	}
	return r
}
func getInstanceID() string {
	c := ec2metadata.New(session.New())
	i, err := c.GetMetadata("instance-id")
	if err != nil {
		log.Fatalln("Failed to get instance ID from the metadata service.")
		return ""
	}
	return i
}
Beispiel #30
0
func GetAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, error) {
	// If we have creds from instance profile, we can use metadata API
	if authProviderName == ec2rolecreds.ProviderName {
		log.Println("[DEBUG] Trying to get account ID via AWS Metadata API")

		cfg := &aws.Config{}
		setOptionalEndpoint(cfg)
		metadataClient := ec2metadata.New(session.New(cfg))
		info, err := metadataClient.IAMInfo()
		if err != nil {
			// This can be triggered when no IAM Role is assigned
			// or AWS just happens to return invalid response
			return "", fmt.Errorf("Failed getting EC2 IAM info: %s", err)
		}

		return parseAccountIdFromArn(info.InstanceProfileArn)
	}

	// Then try IAM GetUser
	log.Println("[DEBUG] Trying to get account ID via iam:GetUser")
	outUser, err := iamconn.GetUser(nil)
	if err == nil {
		return parseAccountIdFromArn(*outUser.User.Arn)
	}

	awsErr, ok := err.(awserr.Error)
	// AccessDenied and ValidationError can be raised
	// if credentials belong to federated profile, so we ignore these
	if !ok || (awsErr.Code() != "AccessDenied" && awsErr.Code() != "ValidationError") {
		return "", fmt.Errorf("Failed getting account ID via 'iam:GetUser': %s", err)
	}
	log.Printf("[DEBUG] Getting account ID via iam:GetUser failed: %s", err)

	// Then try STS GetCallerIdentity
	log.Println("[DEBUG] Trying to get account ID via sts:GetCallerIdentity")
	outCallerIdentity, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
	if err == nil {
		return *outCallerIdentity.Account, nil
	}
	log.Printf("[DEBUG] Getting account ID via sts:GetCallerIdentity failed: %s", err)

	// Then try IAM ListRoles
	log.Println("[DEBUG] Trying to get account ID via iam:ListRoles")
	outRoles, err := iamconn.ListRoles(&iam.ListRolesInput{
		MaxItems: aws.Int64(int64(1)),
	})
	if err != nil {
		return "", fmt.Errorf("Failed getting account ID via 'iam:ListRoles': %s", err)
	}

	if len(outRoles.Roles) < 1 {
		return "", fmt.Errorf("Failed getting account ID via 'iam:ListRoles': No roles available")
	}

	return parseAccountIdFromArn(*outRoles.Roles[0].Arn)
}