更改 ec2 实例的密钥
changing the key of an ec2 instance
我在创建实例的脚本中错误地输入了错误的键名。
现在我无法通过 ssh 进入新创建的实例。有什么办法可以将密钥更改或替换为现有密钥。
The script is following
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Check if the user has the Access & Secret key configured
import boto3
from boto3 import Session
session = Session()
credentials = session.get_credentials()
current_credentials = credentials.get_frozen_credentials()
# Break & Exit if any of the key is not present
if current_credentials.access_key is None:
print("Access Key missing, use `aws configure` to setup")
exit()
if current_credentials.secret_key is None:
print("Secret Key missing, use `aws configure` to setup")
exit()
# VPC design for multi az deployments
globalVars = {}
globalVars['REGION_NAME'] = "ap-south-1"
globalVars['AZ1'] = "ap-south-1a"
globalVars['AZ2'] = "ap-south-1b"
globalVars['CIDRange'] = "10.240.0.0/23"
globalVars['az1_pvtsubnet_CIDRange'] = "10.240.0.0/25"
globalVars['az1_pubsubnet_CIDRange'] = "10.240.0.128/26"
globalVars['az1_sparesubnet_CIDRange'] = "10.240.0.192/26"
globalVars['az2_pvtsubnet_CIDRange'] = "10.240.1.0/25"
globalVars['az2_pubsubnet_CIDRange'] = "10.240.1.128/26"
globalVars['az2_sparesubnet_CIDRange'] = "10.240.1.192/26"
globalVars['Project'] = { 'Key': 'Name', 'Value': 'test1'}
globalVars['tags'] = [{'Key': 'Owner', 'Value': 'test1'},
{'Key': 'Environment', 'Value': 'Test'},
{'Key': 'Department', 'Value': 'TestD'}]
# EC2 Parameters
globalVars['EC2-Amazon-AMI-ID'] = "ami-00b6a8a2bd28daf19"
globalVars['EC2-InstanceType'] = "t2.micro"
globalVars['EC2-KeyName'] = "datastructutrekey"
# AutoScaling Parameters
globalVars['ASG-LaunchConfigName'] = "ASG-Demo-LaunchConfig"
globalVars['ASG-AutoScalingGroupName'] = "ASG-Demo-AutoScalingGrp"
# Creating a VPC, Subnet, and Gateway
ec2 = boto3.resource('ec2', region_name=globalVars['REGION_NAME'])
ec2Client = boto3.client('ec2', region_name=globalVars['REGION_NAME'])
vpc = ec2.create_vpc(CidrBlock=globalVars['CIDRange'])
asgClient = boto3.client('autoscaling', region_name=globalVars['REGION_NAME'])
rds = boto3.client('rds', region_name=globalVars['REGION_NAME'])
# AZ1 Subnets
az1_pvtsubnet = vpc.create_subnet(CidrBlock=globalVars['az1_pvtsubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
az1_pubsubnet = vpc.create_subnet(CidrBlock=globalVars['az1_pubsubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
az1_sparesubnet = vpc.create_subnet(CidrBlock=globalVars['az1_sparesubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
# AZ2 Subnet
az2_pvtsubnet = vpc.create_subnet(CidrBlock=globalVars['az2_pvtsubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])
az2_pubsubnet = vpc.create_subnet(CidrBlock=globalVars['az2_pubsubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])
az2_sparesubnet = vpc.create_subnet(CidrBlock=globalVars['az2_sparesubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])
# Enable DNS Hostnames in the VPC
vpc.modify_attribute(EnableDnsSupport={'Value': True})
vpc.modify_attribute(EnableDnsHostnames={'Value': True})
# Create the Internet Gatway & Attach to the VPC
intGateway = ec2.create_internet_gateway()
intGateway.attach_to_vpc(VpcId=vpc.id)
# Create another route table for Public & Private traffic
routeTable = ec2.create_route_table(VpcId=vpc.id)
rtbAssn=[]
rtbAssn.append(routeTable.associate_with_subnet(SubnetId=az1_pubsubnet.id))
rtbAssn.append(routeTable.associate_with_subnet(SubnetId=az1_pvtsubnet.id))
rtbAssn.append(routeTable.associate_with_subnet(SubnetId=az2_pubsubnet.id))
rtbAssn.append(routeTable.associate_with_subnet(SubnetId=az2_pvtsubnet.id))
# Create a route for internet traffic to flow out
intRoute = ec2Client.create_route(RouteTableId=routeTable.id, DestinationCidrBlock='0.0.0.0/0', GatewayId=intGateway.id)
# Tag the resources
vpc.create_tags (Tags=globalVars['tags'])
az1_pvtsubnet.create_tags (Tags=globalVars['tags'])
az1_pubsubnet.create_tags (Tags=globalVars['tags'])
az1_sparesubnet.create_tags(Tags=globalVars['tags'])
az2_pvtsubnet.create_tags (Tags=globalVars['tags'])
az2_pubsubnet.create_tags (Tags=globalVars['tags'])
az2_sparesubnet.create_tags(Tags=globalVars['tags'])
intGateway.create_tags (Tags=globalVars['tags'])
routeTable.create_tags (Tags=globalVars['tags'])
vpc.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-vpc'}])
az1_pvtsubnet.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az1-private-subnet'}])
az1_pubsubnet.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az1-public-subnet'}])
az1_sparesubnet.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az1-spare-subnet'}])
az2_pvtsubnet.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az2-private-subnet'}])
az2_pubsubnet.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az2-public-subnet'}])
az2_sparesubnet.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az2-spare-subnet'}])
intGateway.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-igw'}])
routeTable.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-rtb'}])
# Let create the Public & Private Security Groups
elbSecGrp = ec2.create_security_group(DryRun=False,
GroupName='elbSecGrp',
Description='ElasticLoadBalancer_Security_Group',
VpcId=vpc.id
)
pubSecGrp = ec2.create_security_group(DryRun=False,
GroupName='pubSecGrp',
Description='Public_Security_Group',
VpcId=vpc.id
)
pvtSecGrp = ec2.create_security_group(DryRun=False,
GroupName='pvtSecGrp',
Description='Private_Security_Group',
VpcId=vpc.id
)
elbSecGrp.create_tags(Tags=globalVars['tags'])
pubSecGrp.create_tags(Tags=globalVars['tags'])
pvtSecGrp.create_tags(Tags=globalVars['tags'])
elbSecGrp.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-elb-security-group'}])
pubSecGrp.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-public-security-group'}])
pvtSecGrp.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-private-security-group'}])
# Add a rule that allows inbound SSH, HTTP, HTTPS traffic ( from any source )
ec2Client.authorize_security_group_ingress(GroupId=elbSecGrp.id,
IpProtocol='tcp',
FromPort=80,
ToPort=80,
CidrIp='0.0.0.0/0'
)
# Allow Public Security Group to receive traffic from ELB Security group
ec2Client.authorize_security_group_ingress(GroupId=pubSecGrp.id,
IpPermissions=[{'IpProtocol': 'tcp',
'FromPort': 80,
'ToPort': 80,
'UserIdGroupPairs': [{'GroupId': elbSecGrp.id}]
}]
)
# Allow Private Security Group to receive traffic from Application Security group
ec2Client.authorize_security_group_ingress(GroupId=pvtSecGrp.id,
IpPermissions=[{'IpProtocol': 'tcp',
'FromPort': 3306,
'ToPort': 3306,
'UserIdGroupPairs': [{'GroupId': pubSecGrp.id}]
}]
)
ec2Client.authorize_security_group_ingress(GroupId=pubSecGrp.id,
IpProtocol='tcp',
FromPort=80,
ToPort=80,
CidrIp='0.0.0.0/0'
)
ec2Client.authorize_security_group_ingress(GroupId=pubSecGrp.id,
IpProtocol='tcp',
FromPort=443,
ToPort=443,
CidrIp='0.0.0.0/0'
)
ec2Client.authorize_security_group_ingress(GroupId=pubSecGrp.id,
IpProtocol='tcp',
FromPort=22,
ToPort=22,
CidrIp='0.0.0.0/0'
)
# The user defined code to install WebServer & Configure them
userDataCode = """
#!/bin/bash
set -e -x
# Setting up the HTTP server
yum install -y httpd
service httpd start
chkconfig httpd on
groupadd www
usermod -a -G www ec2-user
cd /var/www/
# Set the permissions
chown -R root:www /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} +
find /var/www -type f -exec chmod 0664 {} +
# SE Linux permissive
# setsebool -P httpd_can_network_connect=1
service httpd restart
# Remove below file after testing
echo "<?php phpinfo(); ?>" > /var/www/html/phptestinfo.php
"""
# Create the Public Instance
##### **DeviceIndex**:The network interface's position in the attachment order. For example, the first attached network interface has a DeviceIndex of 0
instanceLst = ec2.create_instances(ImageId=globalVars['EC2-Amazon-AMI-ID'],
MinCount=1,
MaxCount=2,
KeyName="datastructutrekey.pem",
UserData=userDataCode,
InstanceType=globalVars['EC2-InstanceType'],
NetworkInterfaces=[
{
'SubnetId': az1_pubsubnet.id,
'Groups': [pubSecGrp.id],
'DeviceIndex': 0,
'DeleteOnTermination': True,
'AssociatePublicIpAddress': True,
}
]
)
# Create the Launch Configuration
# InstanceId = 'string'
asgLaunchConfig = asgClient.create_launch_configuration(
LaunchConfigurationName=globalVars['ASG-LaunchConfigName'],
ImageId=globalVars['EC2-Amazon-AMI-ID'],
KeyName=globalVars['EC2-KeyName'],
SecurityGroups=[pubSecGrp.id],
UserData=userDataCode,
InstanceType=globalVars['EC2-InstanceType'],
InstanceMonitoring={'Enabled': False },
EbsOptimized=False,
AssociatePublicIpAddress=False
)
# create Auto-Scaling Group
ASGSubnets = az1_pubsubnet.id + "," +az2_pubsubnet.id
asGroup=asgClient.create_auto_scaling_group(
AutoScalingGroupName=globalVars['ASG-AutoScalingGroupName'],
LaunchConfigurationName=globalVars['ASG-LaunchConfigName'],
MinSize=1,
MaxSize=3,
DesiredCapacity=2,
DefaultCooldown=120,
HealthCheckType='EC2',
HealthCheckGracePeriod=60,
Tags=globalVars['tags'],
VPCZoneIdentifier=ASGSubnets
)
asgClient.create_or_update_tags(
Tags=[
{
'ResourceId': globalVars['ASG-AutoScalingGroupName'],
'ResourceType': 'auto-scaling-group',
'Key': 'Name',
'Value': globalVars['Project']['Value'] + '-ASG-Group',
'PropagateAtLaunch': True
},
]
)
###### Print to Screen ########
print("VPC ID : {0}".format(vpc.id))
print("AZ1 Public Subnet ID : {0}".format(az1_pubsubnet.id))
print("AZ1 Private Subnet ID : {0}".format(az1_pvtsubnet.id))
print("AZ1 Spare Subnet ID : {0}".format(az1_sparesubnet.id))
print("Internet Gateway ID : {0}".format(intGateway.id))
print("Route Table ID : {0}".format(routeTable.id))
print("Public Security Group ID : {0}".format(pubSecGrp.id))
print("Private Security Group ID : {0}".format(pvtSecGrp.id))
print("EC2 Key Pair : {0}".format(globalVars['EC2-KeyName']))
print("EC2 PublicIP : {0}".format(globalVars['EC2-KeyName']))
#print("RDS Endpoint : {0}".format(globalVars['Endpoint']))
###### Print to Screen ########
"""
Function to clean up all the resources
"""
def cleanAll(resourcesDict=None):
# Delete the instances
ids = []
for i in instanceLst:
ids.append(i.id)
ec2.instances.filter(InstanceIds=ids).terminate()
# Wait for the instance to be terminated
waiter = ec2Client.get_waiter('instance_terminated')
waiter.wait(InstanceIds=[ids])
ec2Client.delete_key_pair(KeyName=globalVars['EC2-KeyName'])
# Delete Routes & Routing Table
for assn in rtbAssn:
ec2Client.disassociate_route_table(AssociationId=assn.id)
routeTable.delete()
# Delete Subnets
az1_pvtsubnet.delete()
az1_pubsubnet.delete()
az1_sparesubnet.delete()
# Detach & Delete internet Gateway
ec2Client.detach_internet_gateway(InternetGatewayId=intGateway.id, VpcId=vpc.id)
intGateway.delete()
# Delete Security Groups
pubSecGrp.delete()
pvtSecGrp.delete()
vpc.delete()
我通过这个获得了一个名为 datastructutrekey.pem 的密钥,我曾经在我已经 运行 的实例中使用 ssh。在这里我试图创建自动缩放组,在生成实例时错误地在上面的脚本中我指定了名称(错误地作为)datastructutrekey.pem in lines
globalVars['EC2-KeyName'] = "datastructutrekey.pem"
并在函数中 create_instance
ec2.create_instances(ImageId=globalVars['EC2-Amazon-AMI-ID'],
MinCount=1,
MaxCount=2,
KeyName="datastructutrekey.pem",
我已经登录 console.aws.com 并检查了 运行 个实例的密钥名称,它是 "datastructutre key" 但是我下载了一个名称为 datastructutrekey.pem 的文件创建了我的第一个实例,这个密钥是我想在我通过 python 脚本创建的所有新实例中使用的。
当我对新实例执行 ssh 时,出现权限错误。因为在旧脚本中,当我登录 console.aws.com 时,我将密钥名称设置为 datastructutrekey.pem,它显示密钥名称为 datastructutrekey.pem.pem
所以我将旧的 datastructutrekey.pem 复制到 datastructutrekey.pem.pem,然后尝试通过 ssh 连接到新实例,但没有成功。我得到了许可 denied.I 想在所有 instances.So 中使用现有密钥 我遇到了一些问题。
我也不清楚如何在脚本中获取实例的 publicDNSname。
创建实例后,您将无法更改密钥。如果您绝对需要,我们会显示一个解决方法 here
我在创建实例的脚本中错误地输入了错误的键名。 现在我无法通过 ssh 进入新创建的实例。有什么办法可以将密钥更改或替换为现有密钥。
The script is following
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Check if the user has the Access & Secret key configured
import boto3
from boto3 import Session
session = Session()
credentials = session.get_credentials()
current_credentials = credentials.get_frozen_credentials()
# Break & Exit if any of the key is not present
if current_credentials.access_key is None:
print("Access Key missing, use `aws configure` to setup")
exit()
if current_credentials.secret_key is None:
print("Secret Key missing, use `aws configure` to setup")
exit()
# VPC design for multi az deployments
globalVars = {}
globalVars['REGION_NAME'] = "ap-south-1"
globalVars['AZ1'] = "ap-south-1a"
globalVars['AZ2'] = "ap-south-1b"
globalVars['CIDRange'] = "10.240.0.0/23"
globalVars['az1_pvtsubnet_CIDRange'] = "10.240.0.0/25"
globalVars['az1_pubsubnet_CIDRange'] = "10.240.0.128/26"
globalVars['az1_sparesubnet_CIDRange'] = "10.240.0.192/26"
globalVars['az2_pvtsubnet_CIDRange'] = "10.240.1.0/25"
globalVars['az2_pubsubnet_CIDRange'] = "10.240.1.128/26"
globalVars['az2_sparesubnet_CIDRange'] = "10.240.1.192/26"
globalVars['Project'] = { 'Key': 'Name', 'Value': 'test1'}
globalVars['tags'] = [{'Key': 'Owner', 'Value': 'test1'},
{'Key': 'Environment', 'Value': 'Test'},
{'Key': 'Department', 'Value': 'TestD'}]
# EC2 Parameters
globalVars['EC2-Amazon-AMI-ID'] = "ami-00b6a8a2bd28daf19"
globalVars['EC2-InstanceType'] = "t2.micro"
globalVars['EC2-KeyName'] = "datastructutrekey"
# AutoScaling Parameters
globalVars['ASG-LaunchConfigName'] = "ASG-Demo-LaunchConfig"
globalVars['ASG-AutoScalingGroupName'] = "ASG-Demo-AutoScalingGrp"
# Creating a VPC, Subnet, and Gateway
ec2 = boto3.resource('ec2', region_name=globalVars['REGION_NAME'])
ec2Client = boto3.client('ec2', region_name=globalVars['REGION_NAME'])
vpc = ec2.create_vpc(CidrBlock=globalVars['CIDRange'])
asgClient = boto3.client('autoscaling', region_name=globalVars['REGION_NAME'])
rds = boto3.client('rds', region_name=globalVars['REGION_NAME'])
# AZ1 Subnets
az1_pvtsubnet = vpc.create_subnet(CidrBlock=globalVars['az1_pvtsubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
az1_pubsubnet = vpc.create_subnet(CidrBlock=globalVars['az1_pubsubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
az1_sparesubnet = vpc.create_subnet(CidrBlock=globalVars['az1_sparesubnet_CIDRange'], AvailabilityZone=globalVars['AZ1'])
# AZ2 Subnet
az2_pvtsubnet = vpc.create_subnet(CidrBlock=globalVars['az2_pvtsubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])
az2_pubsubnet = vpc.create_subnet(CidrBlock=globalVars['az2_pubsubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])
az2_sparesubnet = vpc.create_subnet(CidrBlock=globalVars['az2_sparesubnet_CIDRange'], AvailabilityZone=globalVars['AZ2'])
# Enable DNS Hostnames in the VPC
vpc.modify_attribute(EnableDnsSupport={'Value': True})
vpc.modify_attribute(EnableDnsHostnames={'Value': True})
# Create the Internet Gatway & Attach to the VPC
intGateway = ec2.create_internet_gateway()
intGateway.attach_to_vpc(VpcId=vpc.id)
# Create another route table for Public & Private traffic
routeTable = ec2.create_route_table(VpcId=vpc.id)
rtbAssn=[]
rtbAssn.append(routeTable.associate_with_subnet(SubnetId=az1_pubsubnet.id))
rtbAssn.append(routeTable.associate_with_subnet(SubnetId=az1_pvtsubnet.id))
rtbAssn.append(routeTable.associate_with_subnet(SubnetId=az2_pubsubnet.id))
rtbAssn.append(routeTable.associate_with_subnet(SubnetId=az2_pvtsubnet.id))
# Create a route for internet traffic to flow out
intRoute = ec2Client.create_route(RouteTableId=routeTable.id, DestinationCidrBlock='0.0.0.0/0', GatewayId=intGateway.id)
# Tag the resources
vpc.create_tags (Tags=globalVars['tags'])
az1_pvtsubnet.create_tags (Tags=globalVars['tags'])
az1_pubsubnet.create_tags (Tags=globalVars['tags'])
az1_sparesubnet.create_tags(Tags=globalVars['tags'])
az2_pvtsubnet.create_tags (Tags=globalVars['tags'])
az2_pubsubnet.create_tags (Tags=globalVars['tags'])
az2_sparesubnet.create_tags(Tags=globalVars['tags'])
intGateway.create_tags (Tags=globalVars['tags'])
routeTable.create_tags (Tags=globalVars['tags'])
vpc.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-vpc'}])
az1_pvtsubnet.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az1-private-subnet'}])
az1_pubsubnet.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az1-public-subnet'}])
az1_sparesubnet.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az1-spare-subnet'}])
az2_pvtsubnet.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az2-private-subnet'}])
az2_pubsubnet.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az2-public-subnet'}])
az2_sparesubnet.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-az2-spare-subnet'}])
intGateway.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-igw'}])
routeTable.create_tags (Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-rtb'}])
# Let create the Public & Private Security Groups
elbSecGrp = ec2.create_security_group(DryRun=False,
GroupName='elbSecGrp',
Description='ElasticLoadBalancer_Security_Group',
VpcId=vpc.id
)
pubSecGrp = ec2.create_security_group(DryRun=False,
GroupName='pubSecGrp',
Description='Public_Security_Group',
VpcId=vpc.id
)
pvtSecGrp = ec2.create_security_group(DryRun=False,
GroupName='pvtSecGrp',
Description='Private_Security_Group',
VpcId=vpc.id
)
elbSecGrp.create_tags(Tags=globalVars['tags'])
pubSecGrp.create_tags(Tags=globalVars['tags'])
pvtSecGrp.create_tags(Tags=globalVars['tags'])
elbSecGrp.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-elb-security-group'}])
pubSecGrp.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-public-security-group'}])
pvtSecGrp.create_tags(Tags=[{'Key': 'Name', 'Value': globalVars['Project']['Value'] + '-private-security-group'}])
# Add a rule that allows inbound SSH, HTTP, HTTPS traffic ( from any source )
ec2Client.authorize_security_group_ingress(GroupId=elbSecGrp.id,
IpProtocol='tcp',
FromPort=80,
ToPort=80,
CidrIp='0.0.0.0/0'
)
# Allow Public Security Group to receive traffic from ELB Security group
ec2Client.authorize_security_group_ingress(GroupId=pubSecGrp.id,
IpPermissions=[{'IpProtocol': 'tcp',
'FromPort': 80,
'ToPort': 80,
'UserIdGroupPairs': [{'GroupId': elbSecGrp.id}]
}]
)
# Allow Private Security Group to receive traffic from Application Security group
ec2Client.authorize_security_group_ingress(GroupId=pvtSecGrp.id,
IpPermissions=[{'IpProtocol': 'tcp',
'FromPort': 3306,
'ToPort': 3306,
'UserIdGroupPairs': [{'GroupId': pubSecGrp.id}]
}]
)
ec2Client.authorize_security_group_ingress(GroupId=pubSecGrp.id,
IpProtocol='tcp',
FromPort=80,
ToPort=80,
CidrIp='0.0.0.0/0'
)
ec2Client.authorize_security_group_ingress(GroupId=pubSecGrp.id,
IpProtocol='tcp',
FromPort=443,
ToPort=443,
CidrIp='0.0.0.0/0'
)
ec2Client.authorize_security_group_ingress(GroupId=pubSecGrp.id,
IpProtocol='tcp',
FromPort=22,
ToPort=22,
CidrIp='0.0.0.0/0'
)
# The user defined code to install WebServer & Configure them
userDataCode = """
#!/bin/bash
set -e -x
# Setting up the HTTP server
yum install -y httpd
service httpd start
chkconfig httpd on
groupadd www
usermod -a -G www ec2-user
cd /var/www/
# Set the permissions
chown -R root:www /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} +
find /var/www -type f -exec chmod 0664 {} +
# SE Linux permissive
# setsebool -P httpd_can_network_connect=1
service httpd restart
# Remove below file after testing
echo "<?php phpinfo(); ?>" > /var/www/html/phptestinfo.php
"""
# Create the Public Instance
##### **DeviceIndex**:The network interface's position in the attachment order. For example, the first attached network interface has a DeviceIndex of 0
instanceLst = ec2.create_instances(ImageId=globalVars['EC2-Amazon-AMI-ID'],
MinCount=1,
MaxCount=2,
KeyName="datastructutrekey.pem",
UserData=userDataCode,
InstanceType=globalVars['EC2-InstanceType'],
NetworkInterfaces=[
{
'SubnetId': az1_pubsubnet.id,
'Groups': [pubSecGrp.id],
'DeviceIndex': 0,
'DeleteOnTermination': True,
'AssociatePublicIpAddress': True,
}
]
)
# Create the Launch Configuration
# InstanceId = 'string'
asgLaunchConfig = asgClient.create_launch_configuration(
LaunchConfigurationName=globalVars['ASG-LaunchConfigName'],
ImageId=globalVars['EC2-Amazon-AMI-ID'],
KeyName=globalVars['EC2-KeyName'],
SecurityGroups=[pubSecGrp.id],
UserData=userDataCode,
InstanceType=globalVars['EC2-InstanceType'],
InstanceMonitoring={'Enabled': False },
EbsOptimized=False,
AssociatePublicIpAddress=False
)
# create Auto-Scaling Group
ASGSubnets = az1_pubsubnet.id + "," +az2_pubsubnet.id
asGroup=asgClient.create_auto_scaling_group(
AutoScalingGroupName=globalVars['ASG-AutoScalingGroupName'],
LaunchConfigurationName=globalVars['ASG-LaunchConfigName'],
MinSize=1,
MaxSize=3,
DesiredCapacity=2,
DefaultCooldown=120,
HealthCheckType='EC2',
HealthCheckGracePeriod=60,
Tags=globalVars['tags'],
VPCZoneIdentifier=ASGSubnets
)
asgClient.create_or_update_tags(
Tags=[
{
'ResourceId': globalVars['ASG-AutoScalingGroupName'],
'ResourceType': 'auto-scaling-group',
'Key': 'Name',
'Value': globalVars['Project']['Value'] + '-ASG-Group',
'PropagateAtLaunch': True
},
]
)
###### Print to Screen ########
print("VPC ID : {0}".format(vpc.id))
print("AZ1 Public Subnet ID : {0}".format(az1_pubsubnet.id))
print("AZ1 Private Subnet ID : {0}".format(az1_pvtsubnet.id))
print("AZ1 Spare Subnet ID : {0}".format(az1_sparesubnet.id))
print("Internet Gateway ID : {0}".format(intGateway.id))
print("Route Table ID : {0}".format(routeTable.id))
print("Public Security Group ID : {0}".format(pubSecGrp.id))
print("Private Security Group ID : {0}".format(pvtSecGrp.id))
print("EC2 Key Pair : {0}".format(globalVars['EC2-KeyName']))
print("EC2 PublicIP : {0}".format(globalVars['EC2-KeyName']))
#print("RDS Endpoint : {0}".format(globalVars['Endpoint']))
###### Print to Screen ########
"""
Function to clean up all the resources
"""
def cleanAll(resourcesDict=None):
# Delete the instances
ids = []
for i in instanceLst:
ids.append(i.id)
ec2.instances.filter(InstanceIds=ids).terminate()
# Wait for the instance to be terminated
waiter = ec2Client.get_waiter('instance_terminated')
waiter.wait(InstanceIds=[ids])
ec2Client.delete_key_pair(KeyName=globalVars['EC2-KeyName'])
# Delete Routes & Routing Table
for assn in rtbAssn:
ec2Client.disassociate_route_table(AssociationId=assn.id)
routeTable.delete()
# Delete Subnets
az1_pvtsubnet.delete()
az1_pubsubnet.delete()
az1_sparesubnet.delete()
# Detach & Delete internet Gateway
ec2Client.detach_internet_gateway(InternetGatewayId=intGateway.id, VpcId=vpc.id)
intGateway.delete()
# Delete Security Groups
pubSecGrp.delete()
pvtSecGrp.delete()
vpc.delete()
我通过这个获得了一个名为 datastructutrekey.pem 的密钥,我曾经在我已经 运行 的实例中使用 ssh。在这里我试图创建自动缩放组,在生成实例时错误地在上面的脚本中我指定了名称(错误地作为)datastructutrekey.pem in lines
globalVars['EC2-KeyName'] = "datastructutrekey.pem"
并在函数中 create_instance
ec2.create_instances(ImageId=globalVars['EC2-Amazon-AMI-ID'],
MinCount=1,
MaxCount=2,
KeyName="datastructutrekey.pem",
我已经登录 console.aws.com 并检查了 运行 个实例的密钥名称,它是 "datastructutre key" 但是我下载了一个名称为 datastructutrekey.pem 的文件创建了我的第一个实例,这个密钥是我想在我通过 python 脚本创建的所有新实例中使用的。
当我对新实例执行 ssh 时,出现权限错误。因为在旧脚本中,当我登录 console.aws.com 时,我将密钥名称设置为 datastructutrekey.pem,它显示密钥名称为 datastructutrekey.pem.pem 所以我将旧的 datastructutrekey.pem 复制到 datastructutrekey.pem.pem,然后尝试通过 ssh 连接到新实例,但没有成功。我得到了许可 denied.I 想在所有 instances.So 中使用现有密钥 我遇到了一些问题。
我也不清楚如何在脚本中获取实例的 publicDNSname。
创建实例后,您将无法更改密钥。如果您绝对需要,我们会显示一个解决方法 here