"Program to create centralized Linux Instances of Multiple Accounts and Cross-Platform EC2 Instances Using AWS Systems Manager"

In this article I give a program that can be used as a reference when writing your own code to create centralized Linux instances across multiple accounts and cross-platform EC2 instances using AWS Systems Manager.

Centralized EC2 Linux Instances

Step 1 – Activation ID and Activation Code Creation

  1. Open the AWS Console sign-in screen.
  2. Log in to the parent account, i.e. the shared account as per the diagram above.
  3. In Services, select Systems Manager.
  4. Click on Hybrid Activations.
  5. Click on the Create activation button.
  6. Specify the instance limit.
  7. Specify the activation expiry date, up to one month from today's date. An activation is valid for 30 days.
  8. Click on Create activation.

How to create an activation ID and activation code in AWS Systems Manager

Step 2 – Create Parameter Store Parameters

  1. Sign out from the parent account.
  2. Log in to the child account, i.e. the sandbox account as per the diagram.
  3. In the Services box, type Systems Manager.
  4. Click on Parameter Store, then click on Create parameter.
  5. Specify the name, i.e. ActivationId; select the Standard tier and the String type, then copy and paste the value generated from Hybrid Activations into the Value box.
  6. Click on Create parameter.

Step 3 – Linux Instances: Registering Instances Lambda Python Program

import time

import boto3

REGION = 'us-east-1'
# Activation() writes the agent's output to this bucket and tagging() reads it back,
# so both must use the same bucket name (the original used two different names).
OUTPUT_BUCKET = 'cloudz-mi-instances'
TAG_KEY = 'NonProdManagedInstanceid'


def tagging(tagInstance):
    """Read the registration output for one instance from S3 and tag the EC2
    instance with the managed instance id (mi-...) that the agent printed."""
    tagvalue = ''
    s3 = boto3.resource('s3')
    ec2client = boto3.client('ec2', region_name=REGION)
    tagInstancePrefix = tagInstance + '-nonprod'

    bucket = s3.Bucket(OUTPUT_BUCKET)
    for obj in bucket.objects.filter(Prefix=tagInstancePrefix):
        # Run Command stores stdout and stderr as separate objects; only stdout
        # carries the managed instance id.
        if "stdout" not in obj.key:
            continue
        print(obj)
        outputactivation = s3.Object(OUTPUT_BUCKET, obj.key)
        outputactivation = outputactivation.get()['Body'].read().decode('utf-8')
        myoutput = outputactivation.splitlines()
        print(myoutput)
        for content in myoutput:
            for word in content.split():
                if "mi-" not in word:
                    continue
                tagvalue = word
                print('tagvalue: %s' % tagvalue)
                create_tags = ec2client.create_tags(
                    Resources=[str(tagInstance)],
                    Tags=[{'Key': TAG_KEY, 'Value': tagvalue}])
                tagresponse = create_tags['ResponseMetadata']['HTTPStatusCode']
                if tagresponse == 200:
                    print('Successfully tagged instanceid: %s' % tagInstance)
                else:
                    print('Activation failed for instanceid: %s\n' % tagInstance)


def Activation(InstanceID):
    """Send the agent registration command to one running Linux instance through
    Run Command; the agent's output lands in S3 under <InstanceID>-nonprod/."""
    ssm = boto3.client('ssm', region_name=REGION)

    # Activation ID and Code come from Parameter Store (Step 2). The parameter
    # names here must match the names you created there.
    ActivationID = ssm.get_parameter(Name='ActivationID')['Parameter']['Value']
    ActivationCode = ssm.get_parameter(Name='ActivationCode')['Parameter']['Value']

    myprefix = InstanceID + '-nonprod'

    print('Platform type: Linux')
    # The activation code travels as a command parameter, so it is visible in the
    # Run Command history of this account; the activation is short-lived (Step 1),
    # which limits that exposure.
    response = ssm.send_command(
        InstanceIds=[InstanceID],
        DocumentName='AWS-RunShellScript',
        DocumentVersion='1',
        Parameters={
            'commands': [
                'sudo amazon-ssm-agent -register -y -code %s -id %s -region %s'
                % (ActivationCode, ActivationID, REGION)
            ]
        },
        OutputS3Region=REGION,
        OutputS3BucketName=OUTPUT_BUCKET,
        OutputS3KeyPrefix=myprefix
    )
    print('command id: %s' % response['Command']['CommandId'])
    # Three seconds is rarely enough for the command to finish and its output to
    # reach S3; in practice poll the command status before calling tagging().
    time.sleep(3)
    return InstanceID


def lambda_handler(event, context):
    toBetaggedInstanceid = []
    ec2 = boto3.resource('ec2', region_name=REGION)

    running_instances = ec2.instances.filter(
        Filters=[{'Name': 'instance-state-name', 'Values': ['running']}])

    myid = [instance.id for instance in running_instances]

    ssmclient = boto3.client('ssm', region_name=REGION)
    ec2client = boto3.client('ec2', region_name=REGION)

    for instanceid in myid:
        platform = ssmclient.describe_instance_information(
            InstanceInformationFilterList=[{'key': 'InstanceIds', 'valueSet': [instanceid]}])

        for plt in platform['InstanceInformationList']:
            platformtype = plt['PlatformType']
            # An instance that already carries the tag was activated on an earlier run.
            ec2_attached_tags = ec2client.describe_instances(
                Filters=[{'Name': 'tag-key', 'Values': [TAG_KEY]}],
                InstanceIds=[instanceid])

            if platformtype == 'Linux':
                if not ec2_attached_tags['Reservations']:
                    instid = Activation(instanceid)
                    toBetaggedInstanceid.append(instid)
                else:
                    print('InstanceId: %s is already Activated' % instanceid)

    # Tag only after every registration command has been sent. In the original
    # this loop was indented inside the instance loop and ran once per instance.
    print('all instances')
    print(toBetaggedInstanceid)
    for taggingInstanceid in toBetaggedInstanceid:
        tagging(taggingInstanceid)
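The tagging function above picks the managed instance id out of the agent's stdout by testing each word for the substring "mi-", which also accepts a token with trailing punctuation or any unrelated word that happens to contain "mi-". The following added example (not part of the original program) shows the parsing step in isolation: it matches the full shape of a managed instance id and decides, per EC2 instance, whether there is exactly one id to tag with or the registration has to be treated as failed. The sample outputs are constructed, not captured from a real agent run; their wording is an assumption and only the id shape matters.

```python
import re

# Managed instance ids issued by Systems Manager have the shape mi-<17 hex digits>.
# Matching the whole token rather than the substring "mi-" keeps punctuation out of
# the tag value and rejects tokens that merely contain "mi-".
MANAGED_ID_RE = re.compile(r'\bmi-[0-9a-f]{17}\b')


def extract_managed_id(stdout):
    """Return the single managed instance id found in the agent's stdout, or None
    when there is none (registration failed) or more than one (ambiguous)."""
    ids = set(MANAGED_ID_RE.findall(stdout))
    if len(ids) != 1:
        return None
    return ids.pop()


def plan_tags(outputs, tag_key='NonProdManagedInstanceid'):
    """Map each EC2 instance id to the Tags list the Lambda would pass to
    create_tags, and collect the instances whose output carried no usable id."""
    tags, failures = {}, []
    for instance_id, stdout in outputs.items():
        mid = extract_managed_id(stdout)
        if mid is None:
            failures.append(instance_id)
        else:
            tags[instance_id] = [{'Key': tag_key, 'Value': mid}]
    return tags, failures


# Constructed sample outputs (not captured from a real agent run); instance ids and
# message wording are made up, only the id shape matters to the parser.
SAMPLE_OUTPUTS = {
    'i-0aaaa1111bbbb2222': 'INFO Successfully registered the instance with AWS SSM '
                           'using Managed instance-id: mi-0a1b2c3d4e5f67890',
    # trailing period: the substring test would have stored "mi-...9876." as the tag
    'i-0cccc3333dddd4444': 'INFO Registered as managed instance mi-0f0e0d0c0b0a09876.',
    'i-0eeee5555ffff6666': 'ERROR Registration failed: InvalidActivation: '
                           'Activation is not valid or has expired',
}

if __name__ == '__main__':
    tags, failures = plan_tags(SAMPLE_OUTPUTS)
    for instance_id, tag_list in tags.items():
        print('%s -> %s' % (instance_id, tag_list[0]['Value']))
    print('no id found for:', failures)
```

Instances that end up in the failures list should not be tagged, so the next Lambda run picks them up again once the activation problem is fixed; with the substring test they would have been left untagged only by luck.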
    	
        

 

Step 4 – Create one IAM role with Systems Manager full access (SSMManager Full Access) and attach this role to all EC2 instances.


Step 5 – Permissions to access Systems Manager Parameter Store and create EC2 tags. The policy created, i.e. IAM – Policy – policy name (ssm-parameter):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:CreateTags",
                "ec2:DescribeInstances"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameter"
            ],
            "Resource": "*"
        }
    ]
}
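The policy above grants ssm:GetParameter and ec2:CreateTags on every resource, although the program only ever reads two named parameters and writes one tag key. The following added example (not from the original article) is a small check that flags such statements in a policy document and a builder that produces the narrowed equivalent: GetParameter limited to the two parameter ARNs and CreateTags limited, via the aws:TagKeys condition, to the NonProdManagedInstanceid key. ec2:DescribeInstances stays on "*" because it supports no resource-level permissions. The account id 111122223333 is a placeholder. Note that the page's policy covers only the tagging and parameter reads; the send_command, describe_instance_information and S3 read calls the Lambda also makes need permissions that are not shown on the page.

```python
import json

# The Step 5 policy exactly as the page gives it.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["ec2:CreateTags", "ec2:DescribeInstances"],
         "Effect": "Allow", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ssm:GetParameter"], "Resource": "*"},
    ],
}

# Actions the program uses that accept a resource ARN or a tagging condition.
# ec2:DescribeInstances is absent on purpose: it cannot be narrowed below "*".
RESTRICTABLE_ACTIONS = {"ssm:GetParameter", "ec2:CreateTags"}


def _as_list(value):
    """IAM accepts a single string or a list in Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def overbroad_actions(policy, actions_to_check=RESTRICTABLE_ACTIONS):
    """Return the restrictable actions that some Allow statement grants on
    Resource "*" with no Condition attached."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        for action in _as_list(stmt.get("Action")):
            if action in actions_to_check:
                found.add(action)
    return found


def build_scoped_policy(account_id, region, parameter_names, tag_key):
    """The same grants as the page's policy, narrowed to what the Lambda does:
    read the named parameters and create only the one tag key on instances."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["ec2:DescribeInstances"],
                "Resource": "*",
            },
            {
                "Effect": "Allow",
                "Action": ["ec2:CreateTags"],
                "Resource": "arn:aws:ec2:%s:%s:instance/*" % (region, account_id),
                "Condition": {
                    "ForAllValues:StringEquals": {"aws:TagKeys": [tag_key]}
                },
            },
            {
                "Effect": "Allow",
                "Action": ["ssm:GetParameter"],
                "Resource": [
                    "arn:aws:ssm:%s:%s:parameter/%s" % (region, account_id, name)
                    for name in parameter_names
                ],
            },
        ],
    }


if __name__ == "__main__":
    print("over-broad in page policy:", sorted(overbroad_actions(PAGE_POLICY)))
    # 111122223333 is a placeholder account id, not a value from the page.
    scoped = build_scoped_policy("111122223333", "us-east-1",
                                 ["ActivationID", "ActivationCode"],
                                 "NonProdManagedInstanceid")
    print(json.dumps(scoped, indent=2))
```

The parameter names passed to build_scoped_policy must be the ones the Lambda reads in Step 3 (ActivationID and ActivationCode); if you store them as SecureString parameters instead of String, the role additionally needs kms:Decrypt on the key used.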

Step 6 – After they are registered, the EC2 instances from the other accounts appear in the Central IT (shared) account under Systems Manager, Managed Instances. They are identified by the same managed ID that was returned during the activation process.


I hope you find this program useful for creating centralized Linux instances across multiple accounts and cross-platform EC2 instances using AWS Systems Manager.
