Python script for importing the FortiDeceptor image
To view the help message for the for this script use the command -h.
import boto3
import time, sys, os,traceback
import json
import pprint
from datetime import datetime
from types import SimpleNamespace
global_region_name="us-west-2"
global_aws_access_key_id=""
global_aws_secret_access_key=""
global_bucket=""
class DatetimeEncoder(json.JSONEncoder):
def default(self, obj):
if isinstance(obj, datetime):
return obj.strftime('%Y-%m-%dT%H:%M:%SZ')
elif isinstance(obj, date):
return obj.strftime('%Y-%m-%d')
# Let the base class default method raise the TypeError
return json.JSONEncoder.default(self, obj)
def check_return(resp):
if resp != None:
if resp['ResponseMetadata']['HTTPStatusCode'] == 200:
return 0
return -1
def list_bucket():
bna = []
for bucket in s3.buckets.all():
bna.append(bucket.name)
return bna
def resp2obj(resp):
s = json.dumps(resp, cls=DatetimeEncoder)
return json.loads(s, object_hook=lambda d: SimpleNamespace(**d))
def bucket_exists(s3s, fk):
for b in s3s.buckets.all():
if b.name == fk:
return True
return False
def import_as_AMI(filename,imagename, arch, size):
if filename is None:
print("Incorrect parameter")
return
fn = filename #sys.argv[1]
fk = imagename #sys.argv[2]
arch = arch #sys.argv[3]
size = size #sys.argv[4]
s3s = boto3.resource('s3', region_name=global_region_name, aws_access_key_id=global_aws_access_key_id, aws_secret_access_key=global_aws_secret_access_key)
s3c = boto3.client('s3', region_name=global_region_name, aws_access_key_id=global_aws_access_key_id, aws_secret_access_key=global_aws_secret_access_key)
buck=global_bucket
if not bucket_exists(s3s, buck):
bucket = s3s.create_bucket(ACL='private', Bucket=buck, CreateBucketConfiguration={'LocationConstraint':global_region_name})
if bucket != None:
bucket.wait_until_exists()
else:
print("Failed to create bucket %s" % (buck))
return
else:
bucket = s3s.Bucket(buck)
bucket = s3s.Bucket(buck)
s3c.delete_object(Bucket=buck, Key=fk)
bucket.upload_file(fn, fk)
ec2 = boto3.client('ec2', region_name=global_region_name, aws_access_key_id=global_aws_access_key_id, aws_secret_access_key=global_aws_secret_access_key)
try:
resp = ec2.import_snapshot(
Description='import FDC image snapshot',
DiskContainer={
'Format': 'VHD',
'UserBucket': {
'S3Bucket': buck,
'S3Key': fk
}
})
r = resp2obj(resp)
except Exception as e:
print('''Please make sure you have the service role 'vmimport' with below permissions:
-- Resource to s3:your-bucket
*) s3:ListBucket
*) s3:GetBucketLocation
*) s3:GetObject
-- Resource to ec2:*
*) ec2:ModifySnapshotAttribute
*) ec2:CopySnapshot
*) ec2:RegisterImage
*) ec2:Describe*
For more information, please refer to https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html , section 'Required service role'
''')
print(traceback.format_exc())
sys.exit(-1)
print("Importing image: taskid={}".format(r.ImportTaskId))
while True:
time.sleep(10)
resp = ec2.describe_import_snapshot_tasks(ImportTaskIds=[r.ImportTaskId])
#print(resp)
if check_return(resp) == 0:
taskdetail = resp['ImportSnapshotTasks'][0]
st = taskdetail['SnapshotTaskDetail']['Status']
print("Importing image: {}".format(st))
if st == 'completed':
break
elif st == "deleted":
print(taskdetail)
return
print("Imported image successfully")
r = resp2obj(resp)
ec2s = boto3.resource('ec2', region_name=global_region_name, aws_access_key_id=global_aws_access_key_id, aws_secret_access_key=global_aws_secret_access_key)
snapshot = ec2s.Snapshot(r.ImportSnapshotTasks[0].SnapshotTaskDetail.SnapshotId)
snapshot.create_tags(Tags=[{'Key':'Name', 'Value':fk}])
resp = ec2.register_image(Name=fk, Architecture=arch, RootDeviceName='/dev/sda1',
BlockDeviceMappings=[{'DeviceName':'/dev/sda1',
'Ebs':{'SnapshotId':snapshot.id,'VolumeType':'gp2','VolumeSize':int(size),'DeleteOnTermination':True}},
{'DeviceName':'/dev/sdb',
'Ebs':{'VolumeType':'gp2','VolumeSize':50,'DeleteOnTermination':True}},],
VirtualizationType='hvm', EnaSupport=True)
if check_return(resp) == 0:
print("Registered image successfully")
else:
print("Failed to register image")
print(resp)
r = resp2obj(resp)
image = ec2s.Image(r.ImageId)
image.create_tags(Tags=[{'Key':'Name', 'Value':fk}])
s3c.delete_object(Bucket=buck, Key=fk)
print("Deleted the image file from bucket {}".format(buck))
if __name__ == "__main__":
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("-r", "--region_name", help="region_name")
parser.add_argument("-i", "--aws_access_key_id", help="aws_access_key_id")
parser.add_argument("-k", "--aws_secret_access_key", help="aws_secret_access_key")
parser.add_argument("-b", "--bucket", help="The bucket name")
parser.add_argument("-f", "--filename", help="The FDC AWS vhd full file name")
parser.add_argument("-n", "--imagename", help="The AMI image name on AWS")
parser.add_argument("-a", "--arch", help="Optional: default is 86_64")
parser.add_argument("-s", "--size", help="Optional: The size of the image file, default is 1GB. ")
args = parser.parse_args()
global_region_name=args.region_name
global_aws_access_key_id=args.aws_access_key_id
global_aws_secret_access_key=args.aws_secret_access_key
global_bucket="fdcbucket".lower()
if args.bucket:
global_bucket = args.bucket
filename=args.filename
imagename=args.imagename
arch="x86_64"
if args.arch:
arch = args.arch
size=1
if args.size:
size=args.size
import_as_AMI(filename, imagename, arch, size)