infrahouse_toolkit.aws package

Submodules

infrahouse_toolkit.aws.asg module

Module for the ASG class, a class for working with an Autoscaling group.

class infrahouse_toolkit.aws.asg.ASG(asg_name: str)[source]

Bases: object

AWS Autoscaling group.

cancel_instance_refresh()[source]

Cancel all instance refreshes.

complete_lifecycle_action(hook_name='terminating', result='CONTINUE', instance_id=None)[source]

Completes the lifecycle hook. See details on https://docs.aws.amazon.com/autoscaling/ec2/userguide/completing-lifecycle-hooks.html

Parameters:
  • hook_name (str) – Hook name.

  • result (str) – Result of the hook. Can be either CONTINUE or ABANDON.

  • instance_id (str) – EC2 instance_id for which to complete the hook. If not given, the local instance is assumed.

property instance_refreshes: List[Dict]
Returns:

List of ASG instance refresh tasks.

property instances: List[ASGInstance]
Returns:

List of EC2 instances in the autoscaling group.

infrahouse_toolkit.aws.asg_instance module

Module for the ASGInstance class, a class to describe and work with an instance that is part of an Autoscaling group.

class infrahouse_toolkit.aws.asg_instance.ASGInstance(instance_id: str = None)[source]

Bases: EC2Instance

ASGInstance is an EC2 instance that is part of an autoscaling group. Because it’s an EC2 instance, ASGInstance inherits from EC2Instance.

property asg_name: str
Returns:

Name of an autoscaling group that this instance is a part of.

property lifecycle_state: str
Returns:

Lifecycle state of the instance. See https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-lifecycle.html for possible values.

mark_unhealthy()[source]

Tell the autoscaling group that this instance is not healthy and should be replaced.

infrahouse_toolkit.aws.config module

Module for AWSConfig class.

class infrahouse_toolkit.aws.config.AWSConfig(aws_home=None)[source]

Bases: object

Class AWSConfig parses the AWS CLI config file, ~/.aws/config by default, and provides a convenient interface to certain configuration options.

Parameters:

aws_home (str) – Path to a directory with AWS configs. By default, ~/.aws/.

property aws_home

Path to AWS config directory.

property config_parser: ConfigParser

ConfigParser object that represents ~/.aws/config.

property config_path

Path to AWS config file.

get_account_id(profile_name)[source]

Read account id for given profile.

get_region(profile_name)[source]

Read AWS region for given profile.

get_role(profile_name)[source]

Read AWS IAM role for given profile.

get_sso_region(profile_name)[source]

For a given profile, find the SSO region.

get_start_url(profile_name)[source]

Read SSO URL for given profile.

property profiles: list

List of configured AWS profiles.

property regions: list

Return a list of all AWS regions.

infrahouse_toolkit.aws.ec2_instance module

Module for the EC2Instance class, a class that represents an EC2 instance.

class infrahouse_toolkit.aws.ec2_instance.EC2Instance(instance_id: str = None)[source]

Bases: object

EC2Instance represents an EC2 instance.

Parameters:

instance_id (str) – Instance id. If omitted, the local instance is read from metadata.

property availability_zone: str
Returns:

Availability zone where this instance is hosted.

property instance_id: str
Returns:

The instance’s instance_id. It’s read from metadata if the class instance was created without specifying it.

property state: str
Returns:

EC2 instance state, e.g. Running, Terminated, etc.

property tags: dict
Returns:

A dictionary with the instance tags. Keys are tag names and values are the tag values.

infrahouse_toolkit.aws.exceptions module

Top level exceptions.

The exception hierarchy repeats the structure of the infrahouse_toolkit package. Each module in the package has its own exceptions.py module. The module exceptions are inherited from the upper module exceptions.

exception infrahouse_toolkit.aws.exceptions.IHAWSException[source]

Bases: IHException

AWS-related InfraHouse exception.

infrahouse_toolkit.aws.resource_discovery module

AWS resource discovery via the Resource Groups Tagging API.

Uses infrahouse-core resource classes for existence checks (resource.exists) and deletion (resource.delete()). This module is thin orchestration — service-specific logic lives in infrahouse-core.

class infrahouse_toolkit.aws.resource_discovery.EBSVolume(volume_id: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for EBS volumes.

delete() None[source]

Detach (if attached) and delete the volume.

property exists: bool

Return True if the volume still exists and is not deleted.

class infrahouse_toolkit.aws.resource_discovery.ECSCapacityProvider(name: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for ECS capacity providers.

delete() None[source]

Delete the capacity provider.

property exists: bool

Return True if the capacity provider is ACTIVE.

class infrahouse_toolkit.aws.resource_discovery.ECSCluster(cluster_name: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for ECS clusters.

delete() None[source]

Delete the cluster.

property exists: bool

Return True if the cluster is ACTIVE.

class infrahouse_toolkit.aws.resource_discovery.ECSService(cluster: str, service_name: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for ECS services.

Deletion sets desiredCount to 0, then deletes the service with force=True to remove it even when tasks are still running.

delete() None[source]

Scale to zero and force-delete the service.

property exists: bool

Return True if the service is ACTIVE or DRAINING.

class infrahouse_toolkit.aws.resource_discovery.ECSTaskDefinition(arn: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for ECS task definitions.

Deletion is a two-step process: deregister (ACTIVE -> INACTIVE), then delete_task_definitions to permanently remove. No dependency teardown needed, so a full infrahouse-core class would be overkill.

delete() None[source]

Deregister and then permanently delete the task definition.

AWS requires deregistration (ACTIVE -> INACTIVE) before a task definition can be deleted. Already-INACTIVE revisions skip straight to deletion.

property exists: bool

Return True if the task definition is ACTIVE or INACTIVE.

Both ACTIVE and INACTIVE revisions still exist in AWS and appear in the Resource Groups Tagging API. We must report INACTIVE ones as existing — otherwise they become invisible to the delete command.

Revisions in DELETE_IN_PROGRESS state are treated as gone because the deletion has already been requested.

class infrahouse_toolkit.aws.resource_discovery.KeyPair(key_pair_id: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for EC2 key pairs.

delete() None[source]

Delete the key pair.

property exists: bool

Return True if the key pair still exists.

class infrahouse_toolkit.aws.resource_discovery.LaunchTemplate(template_id: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for EC2 launch templates.

delete() None[source]

Delete the launch template.

property exists: bool

Return True if the launch template still exists.

class infrahouse_toolkit.aws.resource_discovery.NetworkInterface(eni_id: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for EC2 network interfaces.

Supports existence checks and deletion with automatic force-detach when the ENI is still attached.

delete() None[source]

Detach (if attached) and delete the network interface.

property exists: bool

Return True if the network interface still exists.

class infrahouse_toolkit.aws.resource_discovery.SecurityGroupRule(rule_id: str, region: str = None, session: Session = None)[source]

Bases: object

Minimal wrapper for EC2 security group rules.

delete() None[source]

Delete the security group rule.

property exists: bool

Return True if the security group rule still exists.

infrahouse_toolkit.aws.resource_discovery.find_iam_roles_by_tag(session: Session, tag_key: str, tag_value: str | None = None) List[Dict][source]

Find IAM roles matching a tag using the direct IAM API.

The Resource Groups Tagging API sometimes misses IAM roles, so this function provides a fallback by enumerating all roles and checking their tags.

Parameters:
  • session – Authenticated boto3 session.

  • tag_key – Tag key to search for.

  • tag_value – Tag value to match. When None, matches any role that has tag_key regardless of value.

Returns:

List of dicts with arn, tags, and exists keys.

infrahouse_toolkit.aws.resource_discovery.find_resources_by_tags(session: Session, tag_filters: List[Dict], verify: bool = True) List[Dict][source]

Find all resources matching one or more tag key/value pairs.

Uses the Resource Groups Tagging API with supplemental direct IAM enumeration. When multiple tag filters are provided they are combined with AND logic.

Each filter dict must contain "key" and may contain "value". When "value" is omitted the filter matches any resource that carries the tag key, regardless of value.

Parameters:
  • session – Authenticated boto3 session.

  • tag_filters – List of {"key": "<key>"} or {"key": "<key>", "value": "<value>"} dicts.

  • verify – When True, verify each resource still exists via the infrahouse-core resource.exists property.

Returns:

List of dicts with arn, tags, and exists keys.

infrahouse_toolkit.aws.resource_discovery.format_resources_arns(resources: List[Dict], show_deleted: bool = False) str[source]

Format discovered resources as bare ARNs, one per line.

Parameters:
  • resources – List of resource dicts from find_resources_by_tags().

  • show_deleted – Include stale/deleted resources in the output.

Returns:

Newline-separated ARN string.

infrahouse_toolkit.aws.resource_discovery.format_resources_json(resources: List[Dict], show_deleted: bool = False) str[source]

Format discovered resources as JSON.

Parameters:
  • resources – List of resource dicts from find_resources_by_tags().

  • show_deleted – Include stale/deleted resources in the output.

Returns:

JSON string.

infrahouse_toolkit.aws.resource_discovery.format_resources_table(resources: List[Dict], show_deleted: bool = False, show_tags: bool = True) str[source]

Format discovered resources as a tabulate grid table.

When show_tags is True the output includes a Tags column with JSON-formatted tag key/value pairs, similar to ih-ec2 list --tags.

Parameters:
  • resources – List of resource dicts from find_resources_by_tags().

  • show_deleted – Include stale/deleted resources in the output.

  • show_tags – Include a Tags column in the table.

Returns:

Formatted string ready for printing.

infrahouse_toolkit.aws.resource_discovery.parse_arn(arn: str) Dict[str, str | None] | None[source]

Parse an ARN into its components.

ARN format:

arn:partition:service:region:account-id:resource-type/resource-id

or:

arn:partition:service:region:account-id:resource-type:resource-id

Parameters:

arn – Amazon Resource Name string.

Returns:

Dictionary with keys partition, service, region, account, resource, resource_type, and resource_id. Returns None when the ARN cannot be parsed.
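
The two ARN layouts above, worked through as an added example; this is not the toolkit's own parse_arn code. The name parse_arn_example, the sample ARNs, the account-id check and the choice to return None for empty region/account fields are assumptions of this example.

```python
import re
from typing import Dict, Optional

# Constructed sample ARNs (account ids and names are made up for this example).
SAMPLE_ARNS = [
    "arn:aws:iam::123456789012:role/service-role/app",
    "arn:aws:logs:us-west-2:123456789012:log-group:/aws/ecs/app:*",
    "arn:aws:s3:::constructed-bucket",
    "arn:aws:ec2:us-east-1:1234:volume/vol-0abc",  # malformed account id
]

_RESOURCE_RE = re.compile(r"^([^/:]+)[/:](.+)$", re.DOTALL)


def parse_arn_example(arn: str) -> Optional[Dict[str, Optional[str]]]:
    """Split an ARN into the keys named above; return None when malformed."""
    if not isinstance(arn, str) or any(ch.isspace() for ch in arn):
        return None
    # maxsplit=5: colons after the account field belong to the resource part.
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return None
    _, partition, service, region, account, resource = parts
    if not (partition and service and resource):
        return None
    # Assumption of this example: account is empty, "aws" (AWS-managed), or 12 digits.
    if account and account != "aws" and not re.fullmatch(r"[0-9]{12}", account):
        return None
    # The first "/" or ":" in the resource part separates type from id;
    # a resource without a separator (S3 bucket, SNS topic) has no type.
    match = _RESOURCE_RE.match(resource)
    resource_type, resource_id = match.groups() if match else (None, resource)
    return {
        "partition": partition,
        "service": service,
        "region": region or None,  # global services leave these empty
        "account": account or None,
        "resource": resource,
        "resource_type": resource_type,
        "resource_id": resource_id,
    }


def parse_samples():
    """Parse the constructed samples; malformed entries map to None."""
    return {arn: parse_arn_example(arn) for arn in SAMPLE_ARNS}
```

Splitting at the first separator means an S3 object ARN (bucket/key) puts the bucket name in resource_type, so code that acts on the result should branch on service before trusting resource_type.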

infrahouse_toolkit.aws.resource_discovery.resource_for_arn(arn: str, region: str = None, role_arn: str = None, session: Session = None)[source]

Instantiate an infrahouse-core resource class for the given ARN.

Parameters:
  • arn – Amazon Resource Name.

  • region – AWS region override (uses the ARN region when None).

  • role_arn – IAM role ARN for cross-account access.

  • session – Authenticated boto3 session. When provided the resource class uses this session for all API calls (e.g. inheriting --aws-profile credentials).

Returns:

An infrahouse-core resource instance with exists / delete() interface, or None when no matching class is available.

Module contents

AWS classes.

Deprecated: Use infrahouse_core.aws instead. Functions in this module will be removed in a future release.

infrahouse_toolkit.aws.assume_role(role_arn, region=None) dict[source]

Assume a given role and return a dictionary with credentials.

Parameters:
  • role_arn (str) – Role to be assumed.

  • region (str) – AWS region name.

Returns:

A dictionary with three keys: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and

infrahouse_toolkit.aws.aws_sso_login(aws_config: AWSConfig, profile_name: str, region: str = None)[source]

Log in to AWS using SSO.

Credit: https://stackoverflow.com/questions/62311866/how-to-use-the-aws-python-sdk-while-connecting-via-sso-credentials

infrahouse_toolkit.aws.get_aws_client(service_name: str, profile: str, region: str, session=None)[source]

Get a client instance for an AWS service.

Deprecated: Use infrahouse_core.aws.get_aws_client instead.

Parameters:
  • service_name – AWS service e.g. ec2.

  • profile – AWS profile for authentication.

  • region – AWS region.

  • session (Session) – if an AWS session is passed, use it to create a client.

Returns:

A client instance.

infrahouse_toolkit.aws.get_aws_session(aws_config: AWSConfig, aws_profile: str, aws_region: str) Session[source]

Deprecated: Use infrahouse_core.aws.get_aws_session instead.

Parameters:
  • aws_config

  • aws_profile

  • aws_region

Returns:

Authenticated AWS session, or None if boto3 can connect to AWS without extra steps.

infrahouse_toolkit.aws.get_client(service_name, role_arn=None, region=None, session_name='infrahouse_toolkit.aws')[source]

Get an AWS service client assuming a role if specified.

Parameters:
  • service_name (str) – AWS service. ec2, sts, etc.

  • role_arn (str) – Role ARN if it needs to be assumed.

  • session_name (str) – A human-readable string that tells something about this session. Exact value isn’t important.

  • region (str) – AWS region name.

Returns:

AWS boto3 client.

infrahouse_toolkit.aws.get_credentials_from_environ()[source]

Yet another way to get credentials.

If the environment is already configured for AWS access, simply get the credentials from the environment. This is the case when a user configures AWS_* variables in their environment, or when a role has been assumed and AWS_* variables are set.

Returns:

A dictionary with AWS_* variables.

infrahouse_toolkit.aws.get_secret(secretsmanager_client, secret_name)[source]

Retrieve the value of a secret by its name.