Atlassian-labs/peerd AWS VPC Peering tool. Create full VPC meshes easily

Category: IT Technology · Published: 5 years ago


peerd

peerd is an AWS VPC Peering Connection management tool. It manages the full lifecycle of creation, deletion and route table updates needed to make VPC peerings useful. USA Patent Pending 15/788,229.

./peerd.py --help
usage: peerd.py [-h] [--debug] --config CONFIG --environment ENVIRONMENT

AWS VPC Peering Management Tool

optional arguments:
  -h, --help            show this help message and exit
  --debug               Set log-level to DEBUG
  --config CONFIG, -c CONFIG
                        Path to configuration file
  --environment ENVIRONMENT, -e ENVIRONMENT
                        Only execute the script on this environment
  --dryrun, -d          Only check for peerings which might be created or deleted. No changes made to mesh.

Capabilities

  • Capable of creating and accepting cross-account VPC peerings.
  • Capable of creating and accepting cross-region VPC peerings.
  • Injects, repairs and removes routes as needed from VPC routing tables.
  • Overlapping meshes supported through the use of different environment names in configuration file.

Requirements

Route Tables

  • peerd will only manage routes in route tables with the tag peerd_eligible:true
  • Route tables must be tagged with Key: peerd_eligible Value: true

Authentication

peerd will assume a role with the same principal name in each account it needs to perform work in.

Setup / Installation

# Install python 3.8 or higher if needed
brew install python@3.8

# Verify version
$ python3 --version
Python 3.8.1

# Verify python path (may be different if using brew)
$ which python3
/Library/Frameworks/Python.framework/Versions/3.8/bin/python3

# Create a virtual environment
mkvirtualenv peerd -p python3

# Activate virtual environment
workon peerd

# Install requirements
pip install -r requirements.txt

Configuration file

Metadata block

peerd

VPC blocks

  • myfirstenvironment: Used to deduplicate VPC peerings and allow overlapping meshes.
  • account_id: The account id where this VPC exists.
  • vpc_id: The VPC which will be part of the VPC peering mesh.
  • region: The AWS region where the VPC exists.
  • note: Freeform. Not used for anything.
  • cidr_overrides: Override the discovered CIDRs associated with this VPC when installing on remote sides of peerings. Useful if you only want to share a slice of a VPC CIDR range(s).
  • peering_tags: Any custom tags you wish peerd to apply to the VPC peering connections it creates.

Example

In the following example, VPCs across multiple regions and accounts will be peered together into two overlapping meshes. Route tables in each VPC that carry the tag peerd_eligible:true will be updated. Unassumable account numbers, principals and non-existent VPCs will be skipped.

---
metadata:
  resource_owner: myname
  business_unit: PaaS
  service_name: peerd
  support: network-team@acme.org
  common_principal_name: peerd-bot
  role_session_name: peerd
environments:
  myfirstenvironment:
    - account_id: '415433457294'
      vpc_id: vpc-bi37c2c47
      region: ap-southeast-2
      note: peerd test vpc1
      cidr_overrides:
        - 192.168.4.0/24
      peering_tags:
        my_custom_taga: '0'
    - account_id: '415433457294'
      vpc_id: vpc-vb787854
      region: ap-southeast-2
      note: peerd test vpc2
      cidr_overrides:
        - 10.53.101.32/27
        - 10.53.128.128/25
        - 192.168.2.0/24
        - 2.2.2.0/24
      peering_tags:
        my_custom_tagb: '1'
    - account_id: '415433457294'
      vpc_id: vpc-v52oby8v7
      region: ap-southeast-2
      note: peerd test vpc3
    - account_id: '415433457294'
      vpc_id: vpc-2378vby38vb348
      region: ap-southeast-1
      note: peerd test vpc4
    - account_id: '415433457294'
      vpc_id: vpc-8tv23o87yv4
      region: ap-southeast-1
      note: vpc does not exist, will be skipped
    - account_id: '123456789012'
      vpc_id: vpc-abc12345
      region: ap-southeast-2
      note: account does not exist, will be skipped
    - account_id: '4375823475902'
      vpc_id: vpc-7834bcri234bcr
      region: us-east-1
      note: peerd test vpc5
  myseecondenvironment:
    - account_id: '415433457294'
      vpc_id: vpc-2378vby38vb348
      region: ap-southeast-1
      note: peerd test vpc4
    - account_id: '4375823475902'
      vpc_id: vpc-23754cn5b38bc
      region: us-east-2
      note: peerd test vpc6

Running / Executing

./peerd.py --config ./build-test-config/config.yaml --environment myfirstenvironment

Deleting a peering

Simply remove the VPC block from the configuration file, then re-run the tool. Note: Only remove one VPC at a time, because the tool does not keep state. If multiple VPCs are removed at once, it is possible to create isolated peerings that are not cleaned up.

For example, if a mesh contains VPCs: A B C D E, to remove D and E from the mesh, first remove D from the config and run the tool, then E and run the tool again. If D and E are removed at the same time, a peering would persist between D and E despite all others with A B and C being cleaned up.
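The D/E case above, worked as a pre-flight check that compares the previous and edited configuration before a run. This is an added example, not part of peerd; the function names and the sample mesh are hypothetical, and the configs are shown as already-parsed dictionaries in the layout of the example file.

```python
from itertools import combinations


def vpc_keys(config, environment):
    """Return the (account_id, region, vpc_id) tuples listed for one environment."""
    blocks = config.get("environments", {}).get(environment) or []
    return {(v["account_id"], v["region"], v["vpc_id"]) for v in blocks}


def removal_plan(old_config, new_config, environment):
    """Compare two versions of the config for one environment.

    Returns (removed, stranded, safe):
      removed  - VPCs present before the edit and absent after it
      stranded - pairs of removed VPCs; per the README, a peering between
                 two VPCs removed in the same run is not cleaned up
      safe     - True when at most one VPC was removed
    """
    before = vpc_keys(old_config, environment)
    after = vpc_keys(new_config, environment)
    removed = sorted(before - after)
    stranded = list(combinations(removed, 2))
    return removed, stranded, len(removed) <= 1


def _mesh(names):
    """Constructed sample config: one account, one region, VPC ids vpc-a, vpc-b, ..."""
    return {"environments": {"demo": [
        {"account_id": "111111111111", "region": "ap-southeast-2",
         "vpc_id": f"vpc-{n}"} for n in names]}}


OLD = _mesh("abcde")          # mesh A B C D E
BOTH_REMOVED = _mesh("abc")   # D and E deleted in one edit
ONE_REMOVED = _mesh("abce")   # only D deleted

if __name__ == "__main__":
    for label, new in (("remove D and E", BOTH_REMOVED), ("remove D", ONE_REMOVED)):
        removed, stranded, safe = removal_plan(OLD, new, "demo")
        print(f"{label}: {'ok' if safe else 'split into separate runs'}")
        for a, b in stranded:
            print(f"  peering left behind: {a[2]} <-> {b[2]}")
```

Deleting a whole environment is the same problem at scale: every pair of its VPCs is reported as stranded.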

Thanks

Shane Anderson, Nicolas Meessen, Abdul Karim, James Flemming, Michael Gehrmann, Joshua Baldock, Haishan Du, Rui Meireles, Brock Campbell

License

Copyright (c) 2020 Atlassian and others. Apache 2.0 licensed, see LICENSE file.

