Embotics Cloud Management Blog

Enhancing Embotics vCommander with the AWS CLI

As your enterprise matures, it’s inevitable that the cloud you manage will change. You may even want to empower users with advanced functionality, but that doesn’t mean you want to grant them direct access to your cloud infrastructure in order to do so. After all, they’re already familiar with the vCommander™ interface, and you’ve got the organization accustomed to Embotics® vCommander’s request and approval workflows. What you need is a way to enhance your vCommander workflows with the advanced functionality of your infrastructure, but in a way that only exposes what you choose to expose.

This article is for vCommander administrators who manage resources on the Amazon public cloud and are looking to enhance the functionality offered to end users by interacting with Amazon Web Services in a controlled fashion.

The setup

Download the AWS Command Line Interface and install it on your vCommander server.

Once the installation is complete, run the command aws configure. The command will prompt you for your AWS Access Key ID and Secret Access Key. This step is optional, but it saves you from having to embed the Access Key details in your vCommander scripts.
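The access key stored by aws configure can be limited to the API calls these workflows actually make. The IAM policy below is an added example, not part of the original post: it allows only the five EC2 address operations used by the two Elastic IP workflows in this article, and only in one region. It assumes the key is dedicated to these workflow scripts; the Sid and the region value us-east-1 are constructed sample values to replace with your own.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleElasticIpWorkflowsOnly",
      "Effect": "Allow",
      "Action": [
        "ec2:AllocateAddress",
        "ec2:AssociateAddress",
        "ec2:DescribeAddresses",
        "ec2:DisassociateAddress",
        "ec2:ReleaseAddress"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": "us-east-1"
        }
      }
    }
  ]
}
```

With a policy like this attached to the key's IAM user, any workflow step that calls another AWS service or region is denied by AWS itself, regardless of what the script contains.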

Keeping in mind that the AWS CLI command output is in JSON format, you may find it useful to install a command-line JSON processor. In the examples below, I’m using jq for this purpose.

What you need to know about vCommander variables

Variables provide access to vCommander metadata, allowing integration with other systems. You can use variables in workflows by passing variables to workflow scripts and by inserting variables in workflow emails.

Some AWS CLI commands require different parameters depending on whether the Amazon EC2 instance resides in EC2-Classic or in a VPC. We can use conditional step execution to control this with the following conditions:

EC2-Classic items: #{target.virtualCloud.name} -eq "EC2-Classic"
EC2-VPC items: #{target.virtualCloud.name} -ne "EC2-Classic"

When it comes to running the scripts themselves, most commands in the AWS CLI require the region name, which can be accessed with the variable #{target.region.name}. You may also need the variable #{target.remoteId} in order to use the instance ID in your script. Finally, depending on your particular use case, you may want to use the output from a script in a later step. To do this, reference the earlier step's output with the variable #{steps['step name'].output}.

Invoking the AWS CLI using vCommander command workflows

Each AWS CLI command follows this format:
aws [options] <command> <subcommand> [parameters]

You can pipe the output of the command into a JSON processor to extract the information you’re looking for.

You can use vCommander variables to call the AWS CLI from a vCommander command workflow. Command workflows can be run on a deployed service in vCommander or the Service Portal. They can also be scheduled to run later.

From the Configuration Menu, select Command Workflows. Click Add to start the wizard.

Allocating and associating an Elastic IP to an EC2 instance

Our first example allocates and associates an Elastic IP address to an EC2 instance. On the Steps page of the wizard, add several Execute Script steps:

Allocating and assigning an Elastic IP to an EC2 instance with the AWS CLI

Step 1: Allocate EC2 Classic IP

Execution Condition:
#{target.virtualCloud.name} -eq EC2-Classic

Command Line:
cmd /c "aws ec2 allocate-address --region #{target.region.name} | jq -r .PublicIp"

Step 2: Associate EC2 Classic IP

Execution Condition:
#{target.virtualCloud.name} -eq EC2-Classic

Command Line:
cmd /c "aws ec2 associate-address --region #{target.region.name} --instance-id #{target.remoteId} --public-ip #{steps['Allocate EC2 Classic IP'].output}"

Step 3: Allocate VPC IP

Execution Condition:
#{target.virtualCloud.name} -ne EC2-Classic

Command Line:
cmd /c "aws ec2 allocate-address --region #{target.region.name} --domain vpc | jq -r .AllocationId"

Step 4: Associate VPC IP

Execution Condition:
#{target.virtualCloud.name} -ne EC2-Classic

Command Line:
cmd /c "aws ec2 associate-address --region #{target.region.name} --instance-id #{target.remoteId} --allocation-id #{steps['Allocate VPC IP'].output}"

You can also add additional steps, such as a preliminary step to send an approval email.

Deallocating and releasing an Elastic IP from an EC2 instance

Our second example deallocates and releases an Elastic IP address from an EC2 instance. Add the following Execute Script steps to a new command workflow:

Deallocating and releasing an Elastic IP from an EC2 instance with the AWS CLI

Step 1: Disassociate EC2 Classic IP

Execution Condition:
#{target.virtualCloud.name} -eq EC2-Classic

Command Line:
cmd /c "aws ec2 disassociate-address --region #{target.region.name} --public-ip #{target.ipAddress}"

Step 2: Release EC2 Classic IP

Execution Condition:
#{target.virtualCloud.name} -eq EC2-Classic

Command Line:
cmd /c "aws ec2 release-address --region #{target.region.name} --public-ip #{target.ipAddress}"

Step 3: Retrieve Association ID

Execution Condition:
#{target.virtualCloud.name} -ne EC2-Classic

Command Line:
cmd /c "aws ec2 describe-addresses --region #{target.region.name} --public-ips #{target.ipAddress} | jq -r .Addresses[].AssociationId"

Step 4: Disassociate VPC IP

Execution Condition:
#{target.virtualCloud.name} -ne EC2-Classic

Command Line:
cmd /c "aws ec2 disassociate-address --region #{target.region.name} --association-id #{steps['Retrieve Association ID'].output}"

Step 5: Retrieve Allocation ID

Execution Condition:
#{target.virtualCloud.name} -ne EC2-Classic

Command Line:
cmd /c "aws ec2 describe-addresses --region #{target.region.name} --public-ips #{target.ipAddress} | jq -r .Addresses[].AllocationId"

Step 6: Release VPC IP

Execution Condition:
#{target.virtualCloud.name} -ne EC2-Classic

Command Line:
cmd /c "aws ec2 release-address --region #{target.region.name} --allocation-id #{steps[5].output}"

Run the workflow

Once you’ve saved the workflow, you can run it. Right-click an EC2 instance in the vCommander Operational tree and select Run Workflow. After the scripts have run, right-click your AWS managed system and select Synchronize Inventory to trigger an update from AWS.

Now you’ll be able to use the Open Connection commands to connect to your instance, even though it’s in a VPC.

Try it yourself

The AWS CLI is well documented and offers a lot of advanced functionality with a simple interface. When combined with vCommander’s powerful, easy-to-use interface, you have a great opportunity to tailor your self-service environment to meet your specific needs and the needs of your customers.
