Enable bluegreen script to assume a role in the target account (#22)

* Enable bluegreen script to assume a role in the target account * Small fixes
skyscrapers · Feb 1, 2019 · 6eb1464 · 6eb1464
1 parent 62f8299
commit 6eb1464
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 8 deletions.
diff --git a/bluegreen.py b/bluegreen.py
@@ -9,10 +9,10 @@
 
 
 def main(argv):
-    helptext = 'bluegreen.py -f <path to terraform project> -a <ami> -c <command> -t <timeout> -e <environment.tfvars> -i <inactive-desired> <path>'
+    helptext = 'bluegreen.py -f <path to terraform project> -a <ami> -c <command> -t <timeout> -e <environment.tfvars> -i <inactive-desired> [-r <assume-role-arn>]'
 
     try:
-        opts, args = getopt.getopt(argv, "hsf:a:c:t:e:i:", ["folder=", "ami=", "command=", "timeout=", "environment=", "inactive-desired="])
+        opts, args = getopt.getopt(argv, "hsf:a:c:t:e:i:r:", ["folder=", "ami=", "command=", "timeout=", "environment=", "inactive-desired=", "role-arn="])
     except getopt.GetoptError:
         print helptext
         sys.exit(2)
@@ -34,6 +34,8 @@ def main(argv):
                 environment = arg
             elif opt in ("-i", "--inactive-desired"):
                 inactiveDesired = arg
+            elif opt in ("-r", "--role-arn"):
+                assumeRoleArn = arg
             elif opt in ("-s"):
                 stopScaling = True
     else:
@@ -62,6 +64,9 @@ def main(argv):
     if 'inactiveDesired' not in locals():
         inactiveDesired = 1
 
+    if 'assumeRoleArn' not in locals():
+        assumeRoleArn = None
+
     if 'stopScaling' not in locals():
         stopScaling = False
 
@@ -73,6 +78,10 @@ def main(argv):
     agBlue = getTerraformOutput(projectPath, 'blue_asg_id')
     agGreen = getTerraformOutput(projectPath, 'green_asg_id')
 
+    # Get a boto3 session
+    global awsSession
+    awsSession = getBotoSession(assumeRoleArn)
+
     # Retrieve autoscaling groups information
     info = getAutoscalingInfo(agBlue, agGreen)
 
@@ -109,6 +118,24 @@ def main(argv):
             print 'Deactivating the autoscaling'
             stopAutoscaling(info, active, ami, command, projectPath, environment)
 
+def getBotoSession(assumeRoleArn):
+    if assumeRoleArn:
+        sts_client = boto3.client('sts')
+
+        # Call the assume_role method of the STSConnection object and pass the role
+        # ARN and a role session name.
+        assumed_role_object = sts_client.assume_role(
+            RoleArn = assumeRoleArn,
+            RoleSessionName = "bluegreen"
+        )
+
+        return boto3.Session(
+            aws_access_key_id = assumed_role_object['Credentials']['AccessKeyId'],
+            aws_secret_access_key = assumed_role_object['Credentials']['SecretAccessKey'],
+            aws_session_token = assumed_role_object['Credentials']['SessionToken'],
+        )
+    else:
+        return boto3.Session()
 
 def getTerraformOutput(projectPath, output):
     process = subprocess.Popen('terraform output ' + output, shell=True, cwd=projectPath, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@@ -122,7 +149,7 @@ def getTerraformOutput(projectPath, output):
 
 
 def getAutoscalingInfo(blue, green):
-    client = boto3.client('autoscaling')
+    client = awsSession.client('autoscaling')
     response = client.describe_auto_scaling_groups(
         AutoScalingGroupNames=[
             blue,
@@ -141,7 +168,7 @@ def getLoadbalancers(info, type):
 
 
 def getAmi(launchconfig):
-    client = boto3.client('autoscaling')
+    client = awsSession.client('autoscaling')
     response = client.describe_launch_configurations(
         LaunchConfigurationNames=[
             launchconfig,
@@ -152,7 +179,7 @@ def getAmi(launchconfig):
 
 
 def getLaunchconfigDate(launchconfig):
-    client = boto3.client('autoscaling')
+    client = awsSession.client('autoscaling')
     response = client.describe_launch_configurations(
         LaunchConfigurationNames=[
             launchconfig,
@@ -322,7 +349,7 @@ def updateAutoscaling(command, blueMax, blueMin, blueDesired, blueAMI, greenMax,
 
 
 def checkScalingStatus(elbs, albs, desiredInstanceCount):
-    client = boto3.client('elb')
+    client = awsSession.client('elb')
     for elb in elbs:
         response = client.describe_instance_health(
             LoadBalancerName=elb
@@ -334,7 +361,7 @@ def checkScalingStatus(elbs, albs, desiredInstanceCount):
             print 'ELB: ' + state['State']
             if state['State'] != 'InService':
                 return False
-    client = boto3.client('elbv2')
+    client = awsSession.client('elbv2')
     for alb in albs:
         response = client.describe_target_health(
             TargetGroupArn=alb,

diff --git a/deploy-bluegreen.yml b/deploy-bluegreen.yml
@@ -11,6 +11,7 @@ params:
   TF_VERSION: "0.11.7"
   AWS_DEFAULT_REGION: eu-west-1
   TF_ENVIRONMENT:
+  ASSUME_ROLE_ARN:
 
 inputs:
 - name: terraform-repo
@@ -45,4 +46,4 @@ run:
     terraform init
     terraform workspace select $TF_ENVIRONMENT
     # Deploy
-    $WORKDIR/terraform-bluegreen/bluegreen.py -f $WORKDIR/terraform-repo/$TF_PROJECT_FOLDER -a $AMI_ID -c "apply -auto-approve" -t 500 -e $WORKDIR/terraform-repo/$TF_PROJECT_FOLDER/$TF_ENVIRONMENT.tfvars
+    $WORKDIR/terraform-bluegreen/bluegreen.py -f $WORKDIR/terraform-repo/$TF_PROJECT_FOLDER -a $AMI_ID -c "apply -auto-approve" -t 500 -e $WORKDIR/terraform-repo/$TF_PROJECT_FOLDER/$TF_ENVIRONMENT.tfvars -r $ASSUME_ROLE_ARN