I'm in the process of doing some service provider evaluation that requires some network tests to be run from various locations around the world. Using vpn's might provide a way to do this, but I've been playing around with AWS lately, so I thought I would give EC2 scripting a try. The code below was created for Powershell with AWS modules on a Linux machine. The basic concept is go create a single small Amazon Linux 2 image machine in a specified region, connect to it via SSH and run whatever commands you want. Using the linux ssh client, you can provide a command to run on the remote machine, or multiple commands separated with semicolons. The client connects, output is on your local terminal, and the connection ends after the commands run.
This script isn't designed for much error handling, but it does look for a local keypair file if you already have one that you want to use. In this scenario, you will need to provide the file name of the .pem file and the name of the keypair (the AWS EC2 name of it). If you don't provide one, the script creates a new one for you. It doesn't clean up the keypair or the security group that it creates, but it will terminate the new EC2 instance at the end of the function call. Since the code is wrapped in a function, you can run a through a list of regions or a list of regions + keypair info to execute commands across several regions.
function run-test {
param(
[string][parameter(mandatory=$true)]$region,
[string][parameter(mandatory=$true)]$command,
$keypairFileName, $kpname)
if ([string]::isnullorempty($keypairfilename) -or
(-not (test-path $keypairfilename))) {
#no keypair file provided or found, create a temp one
$kp = new-ec2keypair -keyname $($region + "-tempkp") -region $region
$keypairFileName = $region + "-tempkp.pem"
$kpname = $region + "-tempkp"
$kp.KeyMaterial | Out-File -Encoding ascii $keypairfilename
chmod 600 $keypairfilename #for linux
}
#get most recent Amazon Linux 2 image
$id = Get-EC2Image -Owner amazon -Region $region |
where {$_.name -match "amzn2*" -and $_.architecture -eq "x86_64"
-and $_.platformDetails -match "Linux"
-and $_.rootdevicetype -eq "ebs"
-and $_.virtualizationType -eq 'hvm'} |
sort-object creationdate |
select -last 1 |
select -expand imageid
#create a security group for the launch with SSH ingress allowed
$secgroup = get-ec2securitygroup -region $region |
where {$_.description -eq "SSH-only"} |select -exp groupid
if ($secgroup -eq $null) {
New-EC2SecurityGroup -region $region -GroupName "SSH-only" -description "SSH-only"
$secgroup = get-ec2securitygroup -region $region |
where {$_.description -eq "SSH-only"} |select -exp groupid
$cidrBlocks = New-Object 'collections.generic.list[string]'
$cidrBlocks.add("0.0.0.0/0")
$ipPermissions = New-Object Amazon.EC2.Model.IpPermission
$ipPermissions.IpProtocol = "tcp"
$ipPermissions.FromPort = 22
$ipPermissions.ToPort = 22
$ipPermissions.IpRanges = $cidrBlocks
Grant-EC2SecurityGroupIngress -Groupid $secgroup
-IpPermissions $ipPermissions -region $region
}
$instance = New-EC2Instance -Region $region -ImageId $id -Instancetype t3.nano
-KeyName $kpname -AssociatePublicIp $true -securitygroupid $secgroup
$publicname = $null
while ($publicname -eq $null) {
sleep 5
$publicname = (get-ec2instance $instance.Instances.instanceid
-region $region).instances.publicdnsname
}
sleep 30
ssh -i $keypairfilename ec2-user@$publicname $command
Remove-EC2Instance -Instanceid $instance.Instances.instanceid -force -region $region
}
#sample execution
$command = 'ping -c 10 server1.test.com ; ping -c 10 server2.test.com ;
sudo yum install traceroute -y; sudo yum install bind-utils -y ;
sudo traceroute -n server1.test.com; sudo traceroute -n server2.test.com ;
nslookup -type=TXT test.com ; nslookup -type=SOA test.com;
nslookup -type=txt test.com 8.8.8.8'
run-test -region ap-southeast-1 -command $command
No comments:
Post a Comment