firesim/deploy/awstools/aws_setup.py

#!/usr/bin/env python3

from __future__ import annotations

""" This script configures your AWS account to run FireSim. """

import boto3

vpcname = 'firesim'
secgroupname = 'firesim'

def aws_setup():
    ec2 = boto3.resource('ec2')
    client = boto3.client('ec2')

    # get list of avail zones in the region, we will need it later
    avail_zones = list(map(lambda x: x['ZoneName'], client.describe_availability_zones()['AvailabilityZones']))
    av_zones_with_3octet = zip(range(len(avail_zones)), avail_zones)

    print("Creating VPC for FireSim...")
    vpc = ec2.create_vpc(CidrBlock='192.168.0.0/16')
    vpc_id = vpc.id
    # confirm that vpc is actually available before running commands
    client.get_waiter('vpc_exists').wait(VpcIds=[vpc_id])
    client.get_waiter('vpc_available').wait(VpcIds=[vpc_id])

    vpc.create_tags(Tags=[{"Key": "Name", "Value": vpcname}])
    vpc.wait_until_available()

    ig = ec2.create_internet_gateway()
    vpc.attach_internet_gateway(InternetGatewayId=ig.id)

    route_table = vpc.create_route_table()
    route = route_table.create_route(
        DestinationCidrBlock='0.0.0.0/0',
        GatewayId=ig.id
    )
    print("Success!")

    print("Creating a subnet in the VPC for each availability zone...")
    subnets = []
    # create a subnet in each availability zone for this vpc
    for ip, zone in av_zones_with_3octet:
        subnets.append(ec2.create_subnet(CidrBlock='192.168.' + str(ip) + '.0/24', VpcId=vpc.id, AvailabilityZone=zone))
        client.get_waiter('subnet_available').wait(SubnetIds=[subnets[-1].id])
        client.modify_subnet_attribute(MapPublicIpOnLaunch={'Value': True}, SubnetId=subnets[-1].id)
        route_table.associate_with_subnet(SubnetId=subnets[-1].id)
    print("Success!")

    print("Creating a security group for FireSim...")
    sec_group = ec2.create_security_group(
        GroupName=secgroupname, Description='firesim security group', VpcId=vpc.id)

    # allow all egress rule exists by default

    # ingress rules
    sec_group.authorize_ingress(IpPermissions=[
        {u'PrefixListIds': [], u'FromPort': 60000, u'IpRanges': [{u'Description': 'mosh', u'CidrIp': '0.0.0.0/0'}], u'ToPort': 61000, u'IpProtocol': 'udp', u'UserIdGroupPairs': [], u'Ipv6Ranges': [{u'Description': 'mosh', u'CidrIpv6': '::/0'}]},
        {u'PrefixListIds': [], u'FromPort': 22, u'IpRanges': [{u'CidrIp': '0.0.0.0/0'}], u'ToPort': 22, u'IpProtocol': 'tcp', u'UserIdGroupPairs': [], u'Ipv6Ranges': []},
        {u'PrefixListIds': [], u'FromPort': 10000, u'IpRanges': [{u'Description': 'firesim network model', u'CidrIp': '0.0.0.0/0'}], u'ToPort': 11000, u'IpProtocol': 'tcp', u'UserIdGroupPairs': [], u'Ipv6Ranges': [{u'Description': 'firesim network model', u'CidrIpv6': '::/0'}]},
        {u'PrefixListIds': [], u'FromPort': 3389, u'IpRanges': [{u'Description': 'remote desktop', u'CidrIp': '0.0.0.0/0'}], u'ToPort': 3389, u'IpProtocol': 'tcp', u'UserIdGroupPairs': [], u'Ipv6Ranges': [{u'CidrIpv6': '::/0', u'Description': 'rdp'}]},
        {u'PrefixListIds': [], u'FromPort': 8443, u'IpRanges': [{u'Description': 'nice dcv (ipv4)', u'CidrIp': '0.0.0.0/0'}], u'ToPort': 8443, u'IpProtocol': 'tcp', u'UserIdGroupPairs': [], u'Ipv6Ranges': [{u'Description': 'nice dcv (ipv6)', u'CidrIpv6': '::/0'}]},
    ])

    print("Success!")

if __name__ == '__main__':
    aws_setup()