Your use of this download is governed by Stonebranch’s Terms of Use, which are available at https://www.stonebranch.com/integration-hub/Terms-and-Privacy/Terms-of-Use/

Introduction

This Universal Task allows customers to create an EC2 instance with parameters, either in task form, or by simply creating an EC2 instance from the existing AWS launch template. This task also offers the option to additionally install a Linux/UNIX Universal Agent in the newly provisioned EC2 Instance.

Overview

  • The task interacts with the AWS platform via a Python boto3 module.

  • All AWS credentials remain encrypted.

  • Customers can also install/configure a Linux Universal Agent for each EC2 instance, enabling the Universal Controller to instantly communicate with the newly created instance. (NOTE: only Linux Universal Agent is supported at the moment.)

  • This task also lets customers create multiple EC2 instances with the same configuration. New instances can also be tagged.

  • It allows customers to create a new keypair or use an existing one for the new EC2 instance.

  • This task also enables options for additional EBS volume and encryption, as well as detailed monitoring. 

AWS EC2 Task High-Level Overview

...

Overview

AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. You can use AWS Lambda to extend other AWS services with custom logic, or create your own back end services that operate at AWS scale, performance, and security. AWS Lambda can automatically run code in response to multiple events, such as HTTP requests via Amazon API Gateway, modifications to objects in Amazon S3 buckets, table updates in Amazon DynamoDB, and state transitions in AWS Step Functions.

Lambda runs your code on high-availability compute infrastructure and performs all the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code and security patch deployment, and code monitoring and logging. All you need to do is supply the code.


Software Requirements

This integration requires a Universal Agent and a Python runtime to execute the Universal Task against AWS EC2 Instance.

Software Requirements for Universal Template and Universal Task

Requires Python 3.7.0 or higher. Tested with the Universal Agent bundled Python distribution.

...

  • requests

  • Boto3

Software Requirements for Universal Agent

Both Windows and Linux agents are supported:

  • Universal Agent for Windows x64 Version 7.0.0.0 and later with python options installed.
  • Universal Agent for Linux Version 7.0.0.0 and later with python options installed.

Software Requirements for Universal Controller

Universal Controller Version 7.0.0.0 and later.

Software Requirements for the Application to be Scheduled

  • The server running the Universal Agent needs to have Python 2.7.x or 3.6.x installed.

  • AWS IAM credentials: Access Key, Secret Access Key and Region, with the EC2 set of permissions.

  • This Universal Task for AWS EC2 start/stop/terminate has been tested with the agent bundled with Python 3.6 and the boto3 module.

Technical Considerations

  • Run this Universal Task either with the Python bundled with the Universal Agent (uapy), with the boto3 module installed in that environment, or with a Python environment (py) on the host where the Universal Agent is installed, with the boto3 module installed in it.

  • The AWS IAM credentials (Access Key, Secret Access Key and Region) should have the appropriate access for handling AWS EC2 instances.

  • With the current version of this Universal Task, the Universal Agent can be installed only on a Linux EC2 instance.

AWS Create EC2 Instance (with Universal Agent) Key Features

Feature | Description
Create New EC2 Instance | Creates an EC2 Instance based on the parameters that are provided in the form
Launch EC2 from template | Creates an EC2 Instance based on a template in AWS

Import AWS Create EC2 Instance (with Universal Agent) Downloadable Universal Template

...

Network and Connectivity Requirements

The extension's Universal Agent host should be able to reach the AWS Lambda REST endpoints.

Key Features

This Universal Extension provides the following key features:

  • Trigger Lambda function Synchronously or Asynchronously.
  • Support authorization via IAM Role-Based Access Control (RBAC) strategy.
  • Support Proxy communication via HTTP/HTTPS protocol.

Import Universal Template

To use the Universal Template, you first must perform the following steps:

  1. This Universal Task requires the Resolvable Credentials feature. Check that the Resolvable Credentials Permitted system property has been set to true. For more information about Resolvable Credentials click here.

  2. Download the provided ZIP file.

  3. In the Universal Controller UI, select Administration > Configuration > Universal Templates to display the current list of Universal Templates.

  4. Click Import Template.

  5. Select the template ZIP file and Import.

When the template has been imported successfully, the Universal Template will appear on the list. Refresh your Navigation Tree to see these tasks in the Automation Center Menu.

Configure Universal Task

For the new Universal Task type AWS Lambda, create a new task, and enter the task-specific details that were created in the Universal Template.

Field Descriptions for AWS Create EC2 Instance (with Universal Agent) Universal Task

Field | Description
AWS-DEFAULT-REGION | AWS Region kept as credential
AWS-SECRET-ACCESS-KEY | AWS Secret Key
AWS-ACCESS-KEY-ID | AWS Access Key
Launch Instance Option | Select either launch from template or create a brand new EC2 instance with the parameters supplied in the form
LaunchTemplateName | Mandatory if launch_instance_option="Launch from template"
AWS_IMAGE_ID | Provide the AWS machine ID. Mandatory if launch_instance_option="new_instance"
Keypair option | PEM file creation choice. Select either existing Key pair or New Key pair
EC2-KEYPAIR-Path & Name | For a new keypair, provide the keypair file name and path (do not give the extension); for an existing keypair, provide just the name
EC2 Instance Type | Provide the EC2 instance type, like t2.micro, if Launch from template = "Create New Instance"
Minimum Count | Minimum count of instances that need to be created, if Launch from template = "Create New Instance"
Max Count | Max count of instances that need to be created, if Launch from template = "Create New Instance"
associate_public_ip | Whether a public IP needs to be created when an instance is created
SubnetId | Provide the subnet ID with which the instance is to be associated within AWS
Availability Zone | Provide the Availability Zone with which the instance is to be associated within AWS
Security Group ID | Provide security group IDs; if there are multiple IDs, separate them by commas
Instance Tag name | EC2 Instance Tag Name
iam_instance_profile_name | If applicable, provide the IAM Instance Profile Name
device_name | Provide the device name; for example, /dev/sda1
ebs_volume_size | Provide EBS Volume size
EBS Vol. Type | Select either standard or io1 or gp2 or sc1 or st1
EBS Vol. Encyption | Check if encryption is needed
EC2 Monitoring | Check this box if detailed monitoring is required
Install Universal Agent | Check this box if you need to install the Universal Agent on the newly created EC2 instance
Agent Download URL | Provide the agent download URL, if the Install Universal Agent option is selected
Universal Agent Install OS | Select the OS where the Universal Agent needs to be installed
Agent OMS IP | Provide the OMS server IP for the Universal Agent to connect to after installation, if the Install Universal Agent option is selected
Use Public IP for SSH | Select if you need to use the public or provide IP for SSH
os_user_id | Provide the OS user ID that will be used to make the SSH connection

Examples for AWS Create EC2 Instance (with Universal Agent) Universal Tasks

New EC2 Instance Creation


Launch Instance with Launch Template


Input Fields

The input fields for this Universal Extension are described below.

Field | Input type | Default value | Type | Description

Action | Required | Trigger Lambda function | Choice | The action performed upon the task execution. Available action:
  • Trigger Lambda function

AWS Region | Required | - | Text | Region for the Amazon Web Service. Find more information about the AWS Service endpoints and quotas here.

AWS Credentials | Required | - | Credentials | The AWS account credentials. They are comprised of:
  • AWS access key ID
  • AWS secret access key

Role Based Access | Optional | False | Boolean | A special type of authorization is provided by Role Assumption, where the client sends its own credentials and the role it wants to assume from another user. If allowed, the client receives temporary credentials with limited time access to some resources.

Role ARN | Optional | - | Text | Role ARN: Amazon Role which is applied for the connection. Role ARN format: Example RoleArn: arn:aws:iam::119322085622:role.
Required when Role Based Access = "True".

Function Name | Required | - | Text | The name of the Lambda function that will be triggered, for example my-function (name only) or my-function:v1 (with alias).

Invocation Type | Required | Request Response | Choice | Type of execution for the function being triggered. Available choices are:
  • Request Response (Synchronously)
  • Event (Asynchronously)

Payload Source | Optional | None | Choice | Source of payload to be sent.
  • None
  • Script

Payload Script | Optional | - | Script Field | Script field where the payload can be entered. The script must evaluate to a proper JSON format.
Required when Payload Source = "Script".

Client Context Source | Optional | None | Choice | Client context that is provided to the Lambda function by the client application.
  • None
  • Script

Client Context Script | Optional | - | Script | Script passing parameters using the ClientContext object. The script must evaluate to a proper JSON format.
Required when Client Context Source = "Script".

Use Proxy | Optional | False | Boolean | Flag to indicate whether a Proxy shall be used in the communication with AWS.

Proxy Type | Optional | HTTP | Choice | Type of proxy connection to be used. Available options are:
  • HTTP
  • HTTPS
  • HTTPS with Credentials
Visible only when Use Proxy = "True".

Proxy | Optional | - | Text | Comma separated list of Proxy servers. Valid formats: http://proxyip:port or http://proxyip:port,https://proxyip:port.
Required when Use Proxy is checked.

Proxy CA Bundle File | Optional | - | Text | The path to a custom certificate bundle to use when establishing SSL/TLS connections with the proxy.
Used when Proxy Type is configured for "HTTPS" or "HTTPS With Credentials".

Proxy Credentials | Optional | - | Credentials | Credentials to be used for the proxy communication. They are comprised of:
  • username
  • password
Required when "Proxy Type" is configured for "HTTPS" or "HTTPS With Credentials".

Qualifier | Optional | - | Text | Version or alias to invoke a published version of the function. Example for version 1: Qualifier = "1".
If empty, the default value is the latest version.

Extension Cancelation

When using a 7.0 or newer template, we must ensure that the “Always Cancel On Force Finish” is checked. This is to minimize leaving “orphan” processes on the OS without the option for the agent to see they are running.


Task Examples

Trigger Lambda Synchronously with Log

Triggering a Lambda function synchronously with Log Type set to "Tail". Synchronous invocation is selected by setting Invocation Type to "Request_Response".


Trigger Lambda Asynchronously with Role Based Access and HTTPS Proxy

Triggering a Lambda function asynchronously, with Role Based Access enabled and an "HTTPS Proxy connection". Further input includes Payload Source and Client Context Source from a JSON "script". Qualifier is also set to "3", meaning the 3rd version of the Lambda function will be triggered. Asynchronous invocation is selected by setting Invocation Type to "Event". "Proxy" needs to be in the correct format, and "Proxy CA Bundle File" needs the correct format and path.


Trigger Lambda Synchronously with HTTPS with Credentials Proxy

Triggering a Lambda function synchronously with an "HTTPS with Credentials Proxy" connection. Note that the Log Type is set to "None" and Qualifier is blank, meaning that the latest version of the Lambda function will be called.


Exit Codes

The exit codes for AWS Lambda Extension are described below.

Exit Code | Status Classification Code | Status Classification Description | Status Description
0 | SUCCESS | Successful Execution | SUCCESS: Successful Task execution
1 | FAIL | Failed Execution | FAIL: < Error Description >
2 | AUTHENTICATION_ERROR | Bad credentials | AUTHENTICATION_ERROR: Account cannot be authenticated.
3 | AUTHORIZATION_ERROR | Insufficient Permissions | AUTHORIZATION_ERROR: Account is not authorized to perform the requested action.
10 | CONNECTION_ERROR | Bad connection data or connection timed out | CONNECTION_ERROR: < Error Description >
11 | CONNECTION_ERROR | Extension specific connection error | CONNECTION_ERROR: ProxyConnectionError: Failed to connect to proxy URL <url>
20 | DATA_VALIDATION_ERROR | Input fields validation error | DATA_VALIDATION_ERROR: Some of the input fields cannot be validated. See STDOUT for more details

Extension Output

The Extension Output for AWS Lambda Universal Task successful execution is described below.

{
  "exit_code": 0,
  "status_description": "SUCCESS: AWS Lambda function invoked successfully",
  "changed": true,
  "invocation": {
      "extension": "ue-aws-lambda",
      "version": "1.0.0",
      "fields": {
          "action": "Trigger Lambda Function",
          "credentials_user": "test-user",
          "credentials_password": "****",
          "region": "us-east-1",
          "role_based_access": false,
          "role_arn": null,
          "function_name": "test-function",
          "invocation_type": "RequestResponse",
          "payload_source": null,
          "payload_script": null,
          "client_context_source": null,
          "client_context_script": null,
          "log_type": null,
          "qualifier": null,
          "use_proxy": false,
          "proxy_type": null,
          "proxy": null,
          "proxy_credentials_user": null,
          "proxy_credentials_password": null,
          "proxy_ca_bundle_file": null
      }
  },
  "result": {
      "status_code": 200,
      "log_result": "Multiline Log text",
      "payload": "{\"statusCode\": 999, \"body\": {\"message\": \"Hello World\"}}",
      "executed_version": "$LATEST",
      "function_error": null
  }
}
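
How the input fields could map onto a boto3 Lambda Invoke call and back into the "result" object shown above, as an added example that is not the extension's own code. The function names and the session name are assumptions, and the STS call here uses whatever credentials the default boto3 chain finds.

```python
import base64
import json


def build_invoke_kwargs(function_name, invocation_type="RequestResponse",
                        payload_script=None, client_context_script=None,
                        log_type=None, qualifier=None):
    """Map the task's input fields to keyword arguments for Lambda Invoke."""
    if invocation_type not in ("RequestResponse", "Event"):
        raise ValueError("invocation_type must be RequestResponse or Event")
    kwargs = {"FunctionName": function_name, "InvocationType": invocation_type}
    if payload_script is not None:  # json.loads raises ValueError on bad JSON
        kwargs["Payload"] = json.dumps(json.loads(payload_script)).encode()
    if client_context_script is not None:
        # The Invoke API takes ClientContext as base64-encoded JSON.
        ctx = json.dumps(json.loads(client_context_script)).encode()
        kwargs["ClientContext"] = base64.b64encode(ctx).decode()
    if log_type == "Tail":
        kwargs["LogType"] = "Tail"
    if qualifier:  # empty means the latest version
        kwargs["Qualifier"] = qualifier
    return kwargs


def summarize_response(resp):
    """Shape an Invoke response like the "result" object shown above."""
    log = resp.get("LogResult")  # base64-encoded tail of the execution log
    body = resp.get("Payload")
    body = body.read() if hasattr(body, "read") else body  # StreamingBody
    return {
        "status_code": resp["StatusCode"],
        "log_result": base64.b64decode(log).decode() if log else None,
        "payload": body.decode() if isinstance(body, bytes) else body,
        "executed_version": resp.get("ExecutedVersion"),
        "function_error": resp.get("FunctionError"),
    }


def invoke(region, role_arn=None, **fields):
    """Live call: needs boto3, network access and usable AWS credentials."""
    import boto3
    creds = {}
    if role_arn:  # Role Based Access: trade the caller's keys for temporary ones
        c = boto3.client("sts", region_name=region).assume_role(
            RoleArn=role_arn, RoleSessionName="example-session")["Credentials"]
        creds = {"aws_access_key_id": c["AccessKeyId"], "aws_session_token": c["SessionToken"],
                 "aws_secret_access_key": c["SecretAccessKey"]}
    client = boto3.client("lambda", region_name=region, **creds)
    return summarize_response(client.invoke(**build_invoke_kwargs(**fields)))
```

A function that fails at runtime still returns status code 200 on a synchronous call, so check function_error as well as status_code.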

Task Status

A successful task instance has Status equal to "Success" and Exit Code equal to "0".


Document References

This document references the following documents:

Name | Location | Description
Universal Templates | https://docs.stonebranch.com/confluence/display/ UC71x U70/Universal+Templates | User documentation for creating Universal Templates in the Universal Controller user interface.
Universal Tasks | https://docs.stonebranch.com/confluence/display/ UC71x UC70/Universal+Tasks | User documentation for creating Universal Tasks in the Universal Controller user interface.
AWS Lambda | https://docs.aws.amazon.com/lambda/?id=docs_gateway | Documentation for AWS Lambda
IAM RBAC authorization model | https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html#introduction_attribute-based-access-control_compare-rbac | User Documentation for Comparing ABAC to the traditional RBAC model