AWS Command

User Guide: Configuring AWS in DevOps-Bot

This guide will walk you through configuring AWS credentials for use with DevOps-Bot. Follow the steps below to initialize and configure AWS for the tool.

1. Install DevOps-Bot:

   Before configuring AWS, ensure DevOps-Bot is installed on your system. Follow the relevant installation guide for your operating system or container environment.

2. Initialize DevOps-Bot:

   After installing DevOps-Bot, initialize the tool to set up its required files. This will create the necessary configuration files and directories.

   dob brood --init

   Output: This command will initialize the tool and prepare all required files in the default directory.

3. Log in to the AWS Console:

   Log in to your AWS Management Console and navigate to the IAM (Identity and Access Management) service.

4. Create AWS Access Keys:

   Go to IAM > Users in the AWS Console.

   Select an existing user or create a new user based on your requirements.

   Assign the necessary permissions to the user based on your intended use of the tool:

   • For full access: Attach the AdministratorAccess policy.
   • For specific actions: Attach policies like EC2FullAccess, S3FullAccess, etc., depending on your requirements.

   Once permissions are set, generate Access Keys for the user:

   • AWS will provide an Access Key ID and a Secret Access Key.
   • Save these credentials securely as they will be required in the next step.
5. Configure AWS Credentials in DevOps-Bot:

   Use the dob aws config command to configure AWS credentials for DevOps-Bot. This step encrypts and securely stores the credentials for the tool.

   dob aws config --ak <AWS_ACCESS_KEY_ID> --sk <AWS_SECRET_ACCESS_KEY> --r <AWS_REGION>

   Example:

   dob aws config --ak 87r4cdkvjcdjhkkjddj --sk 7eufdi64dikkjfdxjkfdsujk --r us-east-1

6. Output of AWS Configuration:

   Once the above command is executed successfully, you will see the following output:

   AWS credentials encrypted and saved locally.
   AWS credentials configured successfully.

7. Verify the Configuration:

   To ensure the AWS configuration is working as expected:

   • Run a sample AWS operation using DevOps-Bot or use the dob command to check for available AWS options.
   • Ensure the configured region and credentials align with your AWS account.

Notes:

• Permissions: Ensure the IAM user has sufficient permissions for your use case. Lack of permissions might lead to failures when using AWS services.
• Encryption: The tool encrypts and securely stores your AWS credentials. You don't need to reconfigure unless credentials are rotated or updated.
• Region: Choose the AWS region where your resources are located or where you plan to deploy.

End of Guide

You have successfully configured AWS credentials in DevOps-Bot. If you encounter any issues, feel free to reach out or refer to the troubleshooting section of the user manual.

Overview

The latest release of the DevOps automation tool introduces a comprehensive set of AWS commands to facilitate cloud infrastructure management directly from the CLI. This update provides DevOps teams with powerful capabilities for creating, managing, and deleting AWS resources across various services, including EC2, VPC, EKS, RDS, S3, IAM, and CodePipeline. Each command is designed with robust error handling, proper validation, and optional parameter support for fine-tuning operations.

New Features and Commands

1. EC2 Management

• Create EC2 Instance (create-ec2-instance)
  • Description: Allows users to launch a new EC2 instance with specified configurations such as instance type, AMI ID, key pair, security groups, and subnet.
  • Options:
    • --region: Specify the AWS region.
    • --instance-type: Define the EC2 instance type (e.g., t2.micro, m5.large).
    • --ami-id: Provide the AMI ID for the instance.
    • --key-name: Name of the key pair for SSH access.
    • --security-group-ids: One or more security groups.
    • --subnet-id: (Optional) Subnet ID for instance placement.
    • --associate-public-ip: (Optional) Automatically assign a public IP to the instance.
  • Example Usage:

    aws create-ec2-instance --region us-east-1 --instance-type t2.micro --ami-id ami-0abcdef1234567890 --key-name MyKeyPair --security-group-ids sg-0123456789abcdef0 --subnet-id subnet-01234567

• Terminate EC2 Instance (terminate-ec2-instance)
  • Description: Terminates an existing EC2 instance.
  • Options:
    • --region: Specify the AWS region.
    • --instance-id: ID of the instance to terminate.
• Stop/Start EC2 Instance (stop-ec2-instance, start-ec2-instance)
  • Description: Commands to stop or start an EC2 instance.
  • Options:
    • --region: Specify the AWS region.
    • --instance-id: ID of the instance to stop/start.
• Modify EC2 Attributes (modify-ec2-attributes)
  • Description: Modify attributes of an existing EC2 instance, such as instance type and security groups.
  • Options:
    • --region: Specify the AWS region.
    • --instance-id: ID of the instance to modify.
    • --instance-type: (Optional) New instance type.
    • --security-group-ids: (Optional) New security group IDs.

2. VPC and Networking

• Create Subnet (subnet)
  • Description: Creates a new subnet within an existing VPC.
  • Options:
    • --region: Specify the AWS region.
    • --vpc-id: ID of the VPC.
    • --cidr-block: CIDR block for the subnet.
    • --availability-zone: Specify the availability zone.
    • --tags: (Optional) Tags for the subnet.
• Create Internet Gateway (internet-gateway)
  • Description: Creates an internet gateway and attaches it to a specified VPC.
  • Options:
    • --region: Specify the AWS region.
    • --vpc-id: ID of the VPC.
    • --tags: (Optional) Tags for the internet gateway.
• Create Route Table (create-route-table)
  • Description: Creates a new route table and adds routes to it.
  • Options:
    • --vpc-id: ID of the VPC.
    • --region: Specify the AWS region.
    • --routes: (Optional) List of routes in the format DESTINATION_CIDR_BLOCK GATEWAY_ID.
    • --tags: (Optional) Tags for the route table.

3. Load Balancer and Target Group

• Create Target Group (target-group)
  • Description: Creates a new target group for use with a load balancer.
  • Options:
    • --region: Specify the AWS region.
    • --name: Name of the target group.
    • --vpc-id: ID of the VPC.
    • --protocol: (Optional) Protocol for the target group (default: HTTP).
    • --port: (Optional) Port for the target group (default: 80).
    • --tags: (Optional) Tags for the target group.
• Create Listener (create-listener)
  • Description: Creates a listener for a load balancer.
  • Options:
    • --region: Specify the AWS region.
    • --load-balancer-arn: ARN of the load balancer.
    • --protocol: Protocol for the listener (e.g., HTTP, HTTPS).
    • --port: Port for the listener.
    • --target-group-arn: (Optional) ARN of the target group.
    • --ssl-certificate-arn: (Optional) ARN of the SSL certificate (required for HTTPS).

4. IAM Management

• Create IAM User/Role/Group (create-iam-user, create-iam-role, create-iam-group)
  • Description: Commands to create IAM users, roles, and groups with optional tags.
  • Options:
    • --user-name, --role-name, --group-name: Name of the IAM entity.
    • --tags: (Optional) Tags for the IAM entity.
• Attach Role Policy (attach-role-policy)
  • Description: Attaches a policy to an IAM role.
  • Options:
    • --role-name: Name of the IAM role.
    • --policy-arn: ARN of the policy.
• Add User to Group (add-user-to-group)
  • Description: Adds an IAM user to a specified group.
  • Options:
    • --user-name: Name of the IAM user.
    • --group-name: Name of the IAM group.

5. S3 Bucket Management

• Create S3 Bucket (create-s3-bucket)
  • Description: Creates a new S3 bucket with optional versioning, logging, and encryption.
  • Options:
    • --bucket-name: Name of the S3 bucket.
    • --region: AWS region.
    • --versioning: (Optional) Enable versioning.
    • --tags: (Optional) Tags for the bucket.
• Delete S3 Bucket (delete-s3-bucket)
  • Description: Deletes an S3 bucket and optionally its contents.
  • Options:
    • --bucket-name: Name of the S3 bucket.
    • --force: (Optional) Force deletion of bucket contents.

6. EKS Cluster Management

• Create EKS Cluster (create-eks-cluster)
  • Description: Creates a new EKS cluster with specified version, subnets, and security groups.
  • Options:
    • --cluster-name: Name of the EKS cluster.
    • --region: AWS region.
    • --subnets: Subnet IDs.
    • --security-group-ids: Security group IDs.
    • --version: Kubernetes version (default: 1.25).

7. CodePipeline Management

• Create CodePipeline (create-codepipeline)
  • Description: Creates a new CodePipeline with specified stages and artifact store.
  • Options:
    • --pipeline-name: Name of the pipeline.
    • --role-arn: IAM role ARN for the pipeline.
    • --artifact-store-type: Type of artifact store (e.g., S3).
    • --stages: JSON formatted list of pipeline stages.

Error Handling and Logging

All commands include robust error handling using boto3 exceptions (ClientError, NoCredentialsError, etc.). Errors are logged and displayed in a user-friendly manner with appropriate messages. Successful operations are confirmed with relevant IDs or ARNs.

Security

The tool ensures secure handling of AWS credentials by leveraging environment variables or configuration files for authentication. Commands requiring sensitive information, such as IAM roles or key pairs, prompt users to follow AWS best practices.