#!/usr/bin/env python3
from __future__ import annotations
""" This script configures your AWS account to run FireSim. """
import boto3
# Value of the "Name" tag applied to the VPC that aws_setup() creates.
vpcname = "firesim"
# GroupName of the security group that aws_setup() creates inside that VPC.
secgroupname = "firesim"
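def aws_setup():
    """Create the VPC, subnets and security group that FireSim uses on AWS.

    Using the default boto3 EC2 resource and client, this function:

    1. creates a VPC with CIDR 192.168.0.0/16 and tags it Name=``vpcname``;
    2. attaches a new internet gateway and creates a route table whose
       default route (0.0.0.0/0) points at that gateway;
    3. creates one /24 subnet per availability zone returned for the region
       (192.168.<index>.0/24), turns on MapPublicIpOnLaunch for it and
       associates it with the route table;
    4. creates the security group ``secgroupname`` in the VPC and authorizes
       the ingress rules listed at the end of the function.

    Nothing is looked up before it is created: the function does not check
    for an existing VPC or security group of the same name.

    Security note: every ingress rule below accepts traffic from 0.0.0.0/0
    (and from ::/0 for all rules except SSH), and every subnet assigns public
    IPs on launch. Instances placed in these subnets with this security group
    are therefore expected to be reachable from the whole internet on SSH,
    RDP, NICE DCV, mosh and the FireSim network-model ports. Narrow the
    source ranges to known administrative addresses after setup if that
    exposure is not intended.
    """
    ec2 = boto3.resource('ec2')
    client = boto3.client('ec2')

    # Zone names for the region; each zone's position in this list becomes
    # the third octet of its subnet CIDR further down.
    zone_names = [
        zone['ZoneName']
        for zone in client.describe_availability_zones()['AvailabilityZones']
    ]

    print("Creating VPC for FireSim...")
    vpc = ec2.create_vpc(CidrBlock='192.168.0.0/16')
    vpc_id = vpc.id
    # Confirm that the VPC is actually available before issuing further
    # calls against it.
    client.get_waiter('vpc_exists').wait(VpcIds=[vpc_id])
    client.get_waiter('vpc_available').wait(VpcIds=[vpc_id])

    vpc.create_tags(Tags=[{"Key": "Name", "Value": vpcname}])
    vpc.wait_until_available()

    ig = ec2.create_internet_gateway()
    vpc.attach_internet_gateway(InternetGatewayId=ig.id)

    # Default route through the internet gateway: every subnet associated
    # with this route table below is a public subnet.
    route_table = vpc.create_route_table()
    route_table.create_route(
        DestinationCidrBlock='0.0.0.0/0',
        GatewayId=ig.id,
    )
    print("Success!")

    print("Creating a subnet in the VPC for each availability zone...")
    # Create a subnet in each availability zone for this VPC.
    for third_octet, zone in enumerate(zone_names):
        subnet = ec2.create_subnet(
            CidrBlock=f'192.168.{third_octet}.0/24',
            VpcId=vpc_id,
            AvailabilityZone=zone,
        )
        client.get_waiter('subnet_available').wait(SubnetIds=[subnet.id])
        # Instances launched here get a public IPv4 address automatically.
        client.modify_subnet_attribute(
            MapPublicIpOnLaunch={'Value': True},
            SubnetId=subnet.id,
        )
        route_table.associate_with_subnet(SubnetId=subnet.id)
    print("Success!")

    print("Creating a security group for FireSim...")
    sec_group = ec2.create_security_group(
        GroupName=secgroupname,
        Description='firesim security group',
        VpcId=vpc_id,
    )

    # The allow-all egress rule exists by default.

    # Ingress rules.
    # NOTE(review): all of these are world-open (0.0.0.0/0, and ::/0 where an
    # IPv6 range is given). SSH (22), RDP (3389) and NICE DCV (8443) are
    # remote-administration services; restrict their source CIDRs to known
    # admin networks unless internet-wide access is required.
    sec_group.authorize_ingress(IpPermissions=[
        {
            'PrefixListIds': [],
            'FromPort': 60000,
            'IpRanges': [{'Description': 'mosh', 'CidrIp': '0.0.0.0/0'}],
            'ToPort': 61000,
            'IpProtocol': 'udp',
            'UserIdGroupPairs': [],
            'Ipv6Ranges': [{'Description': 'mosh', 'CidrIpv6': '::/0'}],
        },
        {
            # SSH: IPv4 only, no IPv6 range is authorized for this rule.
            'PrefixListIds': [],
            'FromPort': 22,
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}],
            'ToPort': 22,
            'IpProtocol': 'tcp',
            'UserIdGroupPairs': [],
            'Ipv6Ranges': [],
        },
        {
            'PrefixListIds': [],
            'FromPort': 10000,
            'IpRanges': [{'Description': 'firesim network model', 'CidrIp': '0.0.0.0/0'}],
            'ToPort': 11000,
            'IpProtocol': 'tcp',
            'UserIdGroupPairs': [],
            'Ipv6Ranges': [{'Description': 'firesim network model', 'CidrIpv6': '::/0'}],
        },
        {
            'PrefixListIds': [],
            'FromPort': 3389,
            'IpRanges': [{'Description': 'remote desktop', 'CidrIp': '0.0.0.0/0'}],
            'ToPort': 3389,
            'IpProtocol': 'tcp',
            'UserIdGroupPairs': [],
            'Ipv6Ranges': [{'CidrIpv6': '::/0', 'Description': 'rdp'}],
        },
        {
            'PrefixListIds': [],
            'FromPort': 8443,
            'IpRanges': [{'Description': 'nice dcv (ipv4)', 'CidrIp': '0.0.0.0/0'}],
            'ToPort': 8443,
            'IpProtocol': 'tcp',
            'UserIdGroupPairs': [],
            'Ipv6Ranges': [{'Description': 'nice dcv (ipv6)', 'CidrIpv6': '::/0'}],
        },
    ])

    print("Success!")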
# Run the AWS account setup only when this file is executed as a script,
# not when it is imported.
if __name__ == "__main__":
    aws_setup()