MovableInkAWS 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 669c0c6bef77e8bfb4b4eda8971acb83794abd1b
+  data.tar.gz: b9b7805f3aeb75e9e6162522b5f94d5e2e57dcb8
+SHA512:
+  metadata.gz: eb0abc4ce9cbff973ca3bf729f29fba02ed2ea91507bef521e2c7df147184da8aec5ffdb61462ce98133d01708adef6fcaed5898c700b1e0c9c68bd892cad6f6
+  data.tar.gz: 9b24941a0844d01f41d30b926b6c79e74c44a7bb367d572ee36146d9da20366f7ff49ae6ef81b1f94ceeacaec27c980ce0bbf0ae2b15a8adb343224e7167090a

data/.travis.yml

@@ -0,0 +1,8 @@
+language: ruby
+rvm:
+  - 2.2
+
+bundler_args: "--retry=3"
+
+script:
+  - rspec spec/

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec
+
+group :test do
+  gem 'rspec',    '~> 3.6'
+end

data/Gemfile.lock

@@ -0,0 +1,42 @@
+PATH
+  remote: .
+  specs:
+    MovableInkAWS (0.1.1)
+      aws-sdk (~> 2.10, >= 2.10.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aws-sdk (2.10.125)
+      aws-sdk-resources (= 2.10.125)
+    aws-sdk-core (2.10.125)
+      aws-sigv4 (~> 1.0)
+      jmespath (~> 1.0)
+    aws-sdk-resources (2.10.125)
+      aws-sdk-core (= 2.10.125)
+    aws-sigv4 (1.0.2)
+    diff-lcs (1.3)
+    jmespath (1.3.1)
+    rspec (3.6.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+    rspec-core (3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-expectations (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-mocks (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-support (3.6.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  MovableInkAWS!
+  rspec (~> 3.6)
+
+BUNDLED WITH
+   1.16.0

data/MovableInkAWS.gemspec

@@ -0,0 +1,20 @@
+$LOAD_PATH.push File.expand_path("../lib", __FILE__)
+require "movable_ink/version"
+
+Gem::Specification.new do |s|
+  s.name          = 'MovableInkAWS'
+  s.version       = MovableInk::AWS::VERSION
+  s.summary       = 'AWS Utility methods for MovableInk'
+  s.description   = 'AWS Utility methods for MovableInk'
+  s.authors       = ['Matt Chesler']
+  s.email         = 'mchesler@movableink.com'
+
+  s.add_runtime_dependency 'aws-sdk',  '~> 2.10', '>= 2.10.0'
+
+  all_files  = `git ls-files`.split("\n")
+  test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+
+  s.files         = all_files - test_files
+  s.test_files    = test_files
+  s.require_paths = ["lib"]
+end

data/README.md

@@ -0,0 +1,27 @@
+# MovableInk::AWS gem
+
+## Building
+
+`gem build MovableInkAWS.gemspec`
+
+## "Publishing"
+
+`s3cmd put -P MovableInkAWS-<VERSION>.gem s3://movableink-chef/MovableInkAWS/`
+
+## Installing
+
+`gem install ./MovableInkAWS-<VERSION>.gem`
+
+## Using
+
+```ruby
+require 'movable_ink/aws'
+
+miaws = MovableInk::AWS.new
+
+miaws.datacenter
+
+miaws.instance_ip_addresses_by_role(role: 'varnish').map { |m| "http://#{m}:8080" }
+
+...
+```

data/lib/movable_ink/aws/autoscaling.rb

@@ -0,0 +1,68 @@
+module MovableInk
+  class AWS
+    module Autoscaling
+      def autoscaling(region: my_region)
+        @autoscaling_client ||= {}
+        @autoscaling_client[region] ||= Aws::AutoScaling::Client.new(region: region)
+      end
+
+      def mark_me_as_unhealthy
+        run_with_backoff do
+          autoscaling.set_instance_health({
+            health_status: "Unhealthy",
+            instance_id: instance_id,
+            should_respect_grace_period: false
+          })
+        end
+      end
+
+      def mark_me_as_healthy(role:)
+        run_with_backoff do
+          ec2.create_tags({
+            resources: [instance_id],
+            tags: [
+              {
+                key: "mi:roles",
+                value: role
+              }
+            ]
+          })
+        end
+      end
+
+      def delete_role_tag(role:)
+        run_with_backoff do
+          ec2.delete_tags({
+            resources: [instance_id],
+            tags: [
+              {
+                key: "mi:roles",
+                value: role
+              }
+            ]
+          })
+        end
+      end
+
+      def complete_lifecycle_action(hook_name:, group_name:, token:)
+        run_with_backoff do
+          autoscaling.complete_lifecycle_action({
+            lifecycle_hook_name:     hook_name,
+            auto_scaling_group_name: group_name,
+            lifecycle_action_token:  token,
+            lifecycle_action_result: 'CONTINUE'
+          })
+        end
+      end
+
+      def record_lifecycle_action_heartbeat(hook_name:, group_name:)
+        run_with_backoff do
+          autoscaling.record_lifecycle_action_heartbeat({
+            lifecycle_hook_name:     hook_name,
+            auto_scaling_group_name: group_name
+          })
+        end
+      end
+    end
+  end
+end

data/lib/movable_ink/aws/ec2.rb

@@ -0,0 +1,128 @@
+module MovableInk
+  class AWS
+    module EC2
+      def ec2(region: my_region)
+        @ec2_client ||= {}
+        @ec2_client[region] ||= Aws::EC2::Client.new(region: region)
+      end
+
+      def mi_env
+        @mi_env ||= load_mi_env
+      end
+
+      def load_mi_env
+        run_with_backoff do
+          ec2.describe_tags(filters: [
+                {
+                  name: 'resource-id',
+                  values: [instance_id]
+                }
+              ])
+             .tags
+             .detect { |tag| tag.key == 'mi:env' }
+             .value
+        end
+      end
+
+      def thopter_instance
+        @thopter_instance ||= load_thopter_instance
+      end
+
+      def load_thopter_instance
+        run_with_backoff do
+          ec2(region: 'us-east-1').describe_instances(filters: [
+            {
+              name: 'tag:mi:roles',
+              values: ['*thopter*']
+            },
+            {
+              name: 'tag:mi:env',
+              values: [mi_env]
+            },
+            {
+              name: 'instance-state-name',
+              values: ['running']
+            }
+          ])
+          .reservations
+          .flat_map(&:instances)
+        end
+      end
+
+      def all_instances(region: my_region, no_filter: false)
+        @all_instances ||= {}
+        @all_instances[region] ||= load_all_instances(region, no_filter: no_filter)
+      end
+
+      def load_all_instances(region, no_filter: false)
+        filters = if no_filter
+          nil
+        else
+          [{
+            name: 'instance-state-name',
+            values: ['running']
+          },
+          {
+            name: 'tag:mi:env',
+            values: [mi_env]
+          }]
+        end
+        run_with_backoff do
+          ec2(region: region).describe_instances(filters: filters).flat_map do |resp|
+            resp.reservations.flat_map(&:instances)
+          end
+        end
+      end
+
+      def instances(role:, region: my_region, availability_zone: nil)
+        role_pattern = mi_env == 'production' ? "^#{role}$" : "^*#{role}*$"
+        role_pattern = role_pattern.gsub('**','*').gsub('*','.*')
+        instances = all_instances(region: region).select { |instance|
+          instance.tags.detect { |tag|
+            tag.key == 'mi:roles'&&
+              Regexp.new(role_pattern).match(tag.value) &&
+              !tag.value.include?('decommissioned')
+          }
+        }
+        if availability_zone
+          instances.select { |instance|
+            instance.placement.availability_zone == availability_zone
+          }
+        else
+          instances
+        end
+      end
+
+      def thopter
+        private_ip_addresses(thopter_instance).first
+      end
+
+      def statsd_host
+        instance_ip_addresses_by_role(role: 'statsd', availability_zone: availability_zone).sample
+      end
+
+      def private_ip_addresses(instances)
+        instances.map(&:private_ip_address)
+      end
+
+      def instance_ip_addresses_by_role(role:, availability_zone: nil)
+        private_ip_addresses(instances(role: role, availability_zone: availability_zone))
+      end
+
+      def instance_ip_addresses_by_role_ordered(role:)
+        instances = instances(role: role)
+        instances_in_my_az = instances.select { |instance| instance.placement.availability_zone == availability_zone }
+        ordered_instances = instances_in_my_az.shuffle + (instances - instances_in_my_az).shuffle
+        private_ip_addresses(ordered_instances)
+      end
+
+      def redis_by_role(role, port)
+        instance_ip_addresses_by_role(role: role)
+          .shuffle
+          .inject([]) { |redii, instance|
+            redii.push({"host" => instance, "port" => port})
+          }
+      end
+    end
+  end
+end

data/lib/movable_ink/aws/errors.rb

@@ -0,0 +1,8 @@
+module MovableInk
+  class AWS
+    module Errors
+      class FailedWithBackoff < StandardError; end
+      class EC2Required < StandardError; end
+    end
+  end
+end

data/lib/movable_ink/aws/route53.rb

@@ -0,0 +1,58 @@
+module MovableInk
+  class AWS
+    module Route53
+      def route53
+        @route53_client ||= Aws::Route53::Client.new(region: 'us-east-1')
+      end
+
+      def elastic_ips
+        @all_elastic_ips ||= load_all_elastic_ips
+      end
+
+      def load_all_elastic_ips
+        run_with_backoff do
+          ec2.describe_addresses.flat_map(&:addresses)
+        end
+      end
+
+      def unassigned_elastic_ips
+        @unassigned_elastic_ips ||= elastic_ips.select { |address| address.association_id.nil? }
+      end
+
+      def reserved_elastic_ips
+        @reserved_elastic_ips ||= s3.get_object({bucket: 'movableink-chef', key: 'reserved_ips.json'}).body
+                                    .map { |line| JSON.parse(line) }
+      end
+
+      def available_elastic_ips(role:)
+        reserved_elastic_ips.select do |ip|
+          ip["datacenter"] == datacenter &&
+          ip["role"] == role &&
+          unassigned_elastic_ips.map(&:allocation_id).include?(ip["allocation_id"])
+        end
+      end
+
+      def assign_ip_address(role:)
+        run_with_backoff do
+          ec2.associate_address({
+            instance_id: instance_id,
+            allocation_id: available_elastic_ips(role: role).sample["allocation_id"]
+          })
+        end
+      end
+
+      def resource_record_sets(hosted_zone_id)
+        @resource_record_sets ||= {}
+        @resource_record_sets[hosted_zone_id] ||= list_all_r53_resource_record_sets(hosted_zone_id)
+      end
+
+      def list_all_r53_resource_record_sets(hosted_zone_id)
+        run_with_backoff do
+          route53.list_resource_record_sets({
+            hosted_zone_id: hosted_zone_id
+          }).flat_map(&:resource_record_sets)
+        end
+      end
+    end
+  end
+end

data/lib/movable_ink/aws/sns.rb

@@ -0,0 +1,41 @@
+module MovableInk
+  class AWS
+    module SNS
+      def sns(region: my_region)
+        @sns_client ||= {}
+        @sns_client[region] ||= Aws::SNS::Client.new(region: region)
+      end
+
+      def sns_slack_topic_arn
+        run_with_backoff do
+          sns.list_topics.each do |resp|
+            resp.topics.each do |topic|
+              return topic.topic_arn if topic.topic_arn.include? "slack-aws-alerts"
+            end
+          end
+        end
+      end
+
+      def notify_and_sleep(seconds, error_class)
+        message = "Throttled by AWS. Sleeping #{seconds} seconds, (#{error_class})"
+        notify_slack(subject: 'API Throttled',
+                     message: message)
+        puts message
+        sleep seconds
+      end
+
+      def notify_nsq_can_not_be_drained
+        notify_slack(subject: 'NSQ not drained',
+                     message: 'Unable to drain NSQ')
+      end
+
+      def notify_slack(subject:, message:)
+        run_with_backoff do
+          sns.publish(topic_arn: sns_slack_topic_arn,
+                      subject: "#{subject} (#{instance_id}, #{my_region})",
+                      message: message)
+        end
+      end
+    end
+  end
+end

data/lib/movable_ink/aws/ssm.rb

@@ -0,0 +1,41 @@
+module MovableInk
+  class AWS
+    module SSM
+      def ssm
+        @ssm_client ||= Aws::SSM::Client.new(region: 'us-east-1')
+      end
+
+      def get_secret(environment: mi_env, role:, attribute:)
+        run_with_backoff do
+          begin
+            resp = ssm.get_parameter(
+                      name: "/#{environment}/#{role}/#{attribute}",
+                      with_decryption: true
+                    )
+            resp.parameter.value
+          rescue Aws::SSM::Errors::ParameterNotFound => e
+            nil
+          end
+        end
+      end
+
+      def get_role_secrets(environment: mi_env, role:)
+        path = "/#{environment}/#{role}"
+        run_with_backoff do
+          ssm.get_parameters_by_path(
+            path: path,
+            with_decryption: true
+          ).inject({}) do |secrets, resp|
+            extract_parameters(resp.parameters, path)
+          end
+        end
+      end
+
+      def extract_parameters(parameters, path)
+        parameters.map do |param|
+          [ param.name.gsub("#{path}/", ''), param.value ]
+        end.to_h
+      end
+    end
+  end
+end

data/lib/movable_ink/aws.rb

@@ -0,0 +1,73 @@
+require 'aws-sdk'
+
+require_relative 'aws/errors'
+require_relative 'aws/ec2'
+require_relative 'aws/sns'
+require_relative 'aws/autoscaling'
+require_relative 'aws/route53'
+require_relative 'aws/ssm'
+
+module MovableInk
+  class AWS
+    include EC2
+    include SNS
+    include Autoscaling
+    include Route53
+    include SSM
+
+    class << self
+      def regions
+        {
+          'iad' => 'us-east-1',
+          'rld' => 'us-west-2',
+          'dub' => 'eu-west-1',
+          'ord' => 'us-east-2'
+        }
+      end
+    end
+
+    def initialize(environment: nil)
+      @mi_env = environment
+    end
+
+    def run_with_backoff
+      9.times do |num|
+        begin
+          return yield
+        rescue Aws::EC2::Errors::RequestLimitExceeded,
+               Aws::SNS::Errors::ThrottledException,
+               Aws::AutoScaling::Errors::ThrottledException,
+               Aws::S3::Errors::SlowDown,
+               Aws::Route53::Errors::ThrottlingException,
+               Aws::SSM::Errors::TooManyUpdates
+          notify_and_sleep((num+1)**2 + rand(10), $!.class)
+        end
+      end
+      raise MovableInk::AWS::Errors::FailedWithBackoff
+    end
+
+    def regions
+      self.class.regions
+    end
+
+    def availability_zone
+      @availability_zone ||= `ec2metadata --availability-zone`.chomp rescue raise(MovableInk::AWS::Errors::EC2Required)
+    end
+
+    def my_region
+      @my_region ||= availability_zone.chop
+    end
+
+    def instance_id
+      @instance_id ||= `ec2metadata --instance-id`.chomp rescue raise(MovableInk::AWS::Errors::EC2Required)
+    end
+
+    def datacenter(region: my_region)
+      regions.key(region)
+    end
+
+    def s3
+      @s3_client ||= Aws::S3::Client.new(region: 'us-east-1')
+    end
+  end
+end

data/lib/movable_ink/version.rb

@@ -0,0 +1,5 @@
+module MovableInk
+  class AWS
+    VERSION = '0.1.1'
+  end
+end

data/spec/autoscaling_spec.rb

@@ -0,0 +1,56 @@
+require 'aws-sdk'
+require_relative '../lib/movable_ink/aws'
+
+describe MovableInk::AWS::Autoscaling do
+  let(:aws) { MovableInk::AWS.new }
+  let(:autoscaling) { Aws::AutoScaling::Client.new(stub_responses: true) }
+  let(:ec2) { Aws::EC2::Client.new(stub_responses: true) }
+  let(:set_instance_health_data) { autoscaling.stub_data(:set_instance_health, {}) }
+  let(:complete_lifecycle_action_data) { autoscaling.stub_data(:complete_lifecycle_action, {}) }
+  let(:record_lifecycle_action_heartbeat_data) { autoscaling.stub_data(:record_lifecycle_action_heartbeat, {}) }
+  let(:create_tags_data) { ec2.stub_data(:create_tags, {}) }
+  let(:delete_tags_data) { ec2.stub_data(:delete_tags, {}) }
+
+  it "should mark an instance as unhealthy" do
+    autoscaling.stub_responses(:set_instance_health, set_instance_health_data)
+    allow(aws).to receive(:my_region).and_return('us-east-1')
+    allow(aws).to receive(:instance_id).and_return('i-12345')
+    allow(aws).to receive(:autoscaling).and_return(autoscaling)
+
+    expect(aws.mark_me_as_unhealthy).to eq(Aws::EmptyStructure.new)
+  end
+
+  it "should mark an instance as healthy" do
+    ec2.stub_responses(:create_tags, create_tags_data)
+    allow(aws).to receive(:my_region).and_return('us-east-1')
+    allow(aws).to receive(:instance_id).and_return('i-12345')
+    allow(aws).to receive(:ec2).and_return(ec2)
+
+    expect(aws.mark_me_as_healthy(role: 'some_role')).to eq(Aws::EmptyStructure.new)
+  end
+
+  it "should remove role tags" do
+    ec2.stub_responses(:delete_tags, delete_tags_data)
+    allow(aws).to receive(:my_region).and_return('us-east-1')
+    allow(aws).to receive(:instance_id).and_return('i-12345')
+    allow(aws).to receive(:ec2).and_return(ec2)
+
+    expect(aws.delete_role_tag(role: 'some_role')).to eq(Aws::EmptyStructure.new)
+  end
+
+  it "should complete lifecycle actions" do
+    autoscaling.stub_responses(:complete_lifecycle_action, complete_lifecycle_action_data)
+    allow(aws).to receive(:my_region).and_return('us-east-1')
+    allow(aws).to receive(:autoscaling).and_return(autoscaling)
+
+    expect(aws.complete_lifecycle_action(hook_name: 'hook', group_name: 'group', token: 'token')).to eq(Aws::EmptyStructure.new)
+  end
+
+  it "should record lifecycle action heartbeats" do
+    autoscaling.stub_responses(:record_lifecycle_action_heartbeat, record_lifecycle_action_heartbeat_data)
+    allow(aws).to receive(:my_region).and_return('us-east-1')
+    allow(aws).to receive(:autoscaling).and_return(autoscaling)
+
+    expect(aws.record_lifecycle_action_heartbeat(hook_name: 'hook', group_name: 'group')).to eq(Aws::EmptyStructure.new)
+  end
+end

data/spec/aws_spec.rb

@@ -0,0 +1,54 @@
+require 'aws-sdk'
+require_relative '../lib/movable_ink/aws'
+
+describe MovableInk::AWS do
+  context "outside EC2" do
+    it "should raise an error if EC2 is required" do
+      aws = MovableInk::AWS.new
+      expect{ aws.instance_id }.to raise_error(MovableInk::AWS::Errors::EC2Required)
+      expect{ aws.availability_zone }.to raise_error(MovableInk::AWS::Errors::EC2Required)
+    end
+  end
+
+  context "inside EC2" do
+    it "should call ec2metadata to get the instance ID" do
+      aws = MovableInk::AWS.new
+      expect(aws).to receive(:`).with('ec2metadata --instance-id').and_return('i-12345')
+      expect(aws.instance_id).to eq('i-12345')
+    end
+
+    it "should call ec2metadata to get the availability zone" do
+      aws = MovableInk::AWS.new
+      expect(aws).to receive(:`).with('ec2metadata --availability-zone').and_return("us-east-1a\n")
+      expect(aws.availability_zone).to eq('us-east-1a')
+    end
+
+    it "should find the datacenter by region" do
+      aws = MovableInk::AWS.new
+      expect(aws).to receive(:`).with('ec2metadata --availability-zone').and_return("us-east-1a\n")
+      expect(aws.datacenter).to eq('iad')
+    end
+
+    context "MovableInk::AWS#run_with_backoff" do
+      it "should retry when throttled with increasing timeouts" do
+        aws = MovableInk::AWS.new(environment: 'test')
+        ec2 = Aws::EC2::Client.new(stub_responses: true)
+        ec2.stub_responses(:describe_instances, 'RequestLimitExceeded')
+
+        expect(aws).to receive(:notify_slack).exactly(9).times
+        expect(aws).to receive(:sleep).exactly(9).times.and_return(true)
+
+        aws.run_with_backoff { ec2.describe_instances } rescue nil
+      end
+
+      it "should raise an error after too many timeouts" do
+        aws = MovableInk::AWS.new(environment: 'test')
+        ec2 = Aws::EC2::Client.new(stub_responses: true)
+        ec2.stub_responses(:describe_instances, 'RequestLimitExceeded')
+
+        expect(aws).to receive(:notify_and_sleep).exactly(9).times
+        expect{ aws.run_with_backoff { ec2.describe_instances } }.to raise_error(MovableInk::AWS::Errors::FailedWithBackoff)
+      end
+    end
+  end
+end

data/spec/ec2_spec.rb

@@ -0,0 +1,223 @@
+require 'aws-sdk'
+require_relative '../lib/movable_ink/aws'
+
+describe MovableInk::AWS::EC2 do
+  context "outside EC2" do
+    it "should raise an error if trying to load mi_env outside of EC2" do
+      aws = MovableInk::AWS.new
+      expect{ aws.mi_env }.to raise_error(MovableInk::AWS::Errors::EC2Required)
+    end
+
+    it "should use the provided environment" do
+      aws = MovableInk::AWS.new(environment: 'test')
+      expect(aws.mi_env).to eq('test')
+    end
+  end
+
+  context "inside EC2" do
+    let(:aws) { MovableInk::AWS.new }
+    let(:ec2) { Aws::EC2::Client.new(stub_responses: true) }
+    let(:tag_data) { ec2.stub_data(:describe_tags, tags: [
+        {
+          key: 'mi:env',
+          value: 'test'
+        }
+      ])
+    }
+
+    it "should find the environment from the current instance's tags" do
+      ec2.stub_responses(:describe_tags, tag_data)
+      allow(aws).to receive(:my_region).and_return('us-east-1')
+      allow(aws).to receive(:instance_id).and_return('i-12345')
+      allow(aws).to receive(:ec2).and_return(ec2)
+
+      expect(aws.mi_env).to eq('test')
+    end
+
+    context "thopter" do
+      let(:thopter_data) { ec2.stub_data(:describe_instances, reservations: [
+        instances: [
+          {
+            tags: [
+              {
+                key: 'mi:env',
+                value: 'test'
+              },
+              {
+                key: 'mi:roles',
+                value: 'thopter'
+              },
+              {
+                key: 'Name',
+                value: 'thopter'
+              }
+            ],
+            private_ip_address: '1.2.3.4'
+          }
+        ]])
+      }
+
+      it "should find the thopter instance" do
+        ec2.stub_responses(:describe_instances, thopter_data)
+        allow(aws).to receive(:mi_env).and_return('test')
+        allow(aws).to receive(:my_region).and_return('us-east-1')
+        allow(aws).to receive(:ec2).and_return(ec2)
+
+        expect(aws.thopter_instance.count).to eq(1)
+      end
+
+      it "should find the thopter instance's private IP" do
+        ec2.stub_responses(:describe_instances, thopter_data)
+        allow(aws).to receive(:mi_env).and_return('test')
+        allow(aws).to receive(:my_region).and_return('us-east-1')
+        allow(aws).to receive(:ec2).and_return(ec2)
+
+        expect(aws.thopter).to eq('1.2.3.4')
+      end
+    end
+
+    context "statsd" do
+      let(:availability_zone) { 'us-east-1a' }
+      let(:statsd_data) { ec2.stub_data(:describe_instances, reservations: [
+        instances: [
+          {
+            tags: [
+              {
+                key: 'mi:roles',
+                value: 'statsd'
+              }
+            ],
+            private_ip_address: '10.0.0.1',
+            placement: {
+              availability_zone: availability_zone
+            }
+          },
+          {
+            tags: [
+              {
+                key: 'mi:roles',
+                value: 'statsd'
+              }
+            ],
+            private_ip_address: '10.0.0.2',
+            placement: {
+              availability_zone: availability_zone
+            }
+          },
+          {
+            tags: [
+              {
+                key: 'mi:roles',
+                value: 'something_else'
+              }
+            ],
+            private_ip_address: '10.0.0.3',
+            placement: {
+              availability_zone: availability_zone
+            }
+          }
+        ]])
+      }
+
+      it "should find one of the statsd hosts" do
+        ec2.stub_responses(:describe_instances, statsd_data)
+        allow(aws).to receive(:mi_env).and_return('test')
+        allow(aws).to receive(:availability_zone).and_return(availability_zone)
+        allow(aws).to receive(:my_region).and_return('us-east-1')
+        allow(aws).to receive(:ec2).and_return(ec2)
+
+        expect(['10.0.0.1', '10.0.0.2']).to include(aws.statsd_host)
+        expect(['10.0.0.1', '10.0.0.2']).to include(aws.statsd_host)
+      end
+    end
+
+    context "ordered roles" do
+      let(:my_availability_zone) { 'us-east-1a' }
+      let(:other_availability_zone) { 'us-east-1b' }
+      let(:instance_data) { ec2.stub_data(:describe_instances, reservations: [
+        instances: [
+          {
+            tags: [
+              {
+                key: 'mi:roles',
+                value: 'app_db_replica'
+              }
+            ],
+            private_ip_address: '10.0.0.1',
+            placement: {
+              availability_zone: my_availability_zone
+            }
+          },
+          {
+            tags: [
+              {
+                key: 'mi:roles',
+                value: 'app_db_replica'
+              }
+            ],
+            private_ip_address: '10.0.0.2',
+            placement: {
+              availability_zone: other_availability_zone
+            }
+          }
+        ]])
+      }
+
+      it "should find hosts and order them with my AZ first" do
+        ec2.stub_responses(:describe_instances, instance_data)
+        allow(aws).to receive(:mi_env).and_return('test')
+        allow(aws).to receive(:availability_zone).and_return(my_availability_zone)
+        allow(aws).to receive(:my_region).and_return('us-east-1')
+        allow(aws).to receive(:ec2).and_return(ec2)
+
+        expect(aws.instance_ip_addresses_by_role_ordered(role: 'app_db_replica').count).to eq(2)
+        expect(aws.instance_ip_addresses_by_role_ordered(role: 'app_db_replica').first).to eq('10.0.0.1')
+        expect(aws.instance_ip_addresses_by_role_ordered(role: 'app_db_replica').last).to eq('10.0.0.2')
+      end
+    end
+
+    context "redii" do
+      let(:port) { 6379 }
+      let(:availability_zone) { 'us-east-1a' }
+      let(:redis_data) { ec2.stub_data(:describe_instances, reservations: [
+        instances: [
+          {
+            tags: [
+              {
+                key: 'mi:roles',
+                value: 'visitor_redis'
+              }
+            ],
+            private_ip_address: '10.0.0.1',
+            placement: {
+              availability_zone: availability_zone
+            }
+          },
+          {
+            tags: [
+              {
+                key: 'mi:roles',
+                value: 'visitor_redis'
+              }
+            ],
+            private_ip_address: '10.0.0.2',
+            placement: {
+              availability_zone: availability_zone
+            }
+          }
+        ]])
+      }
+      let(:redii) { [{"host" => '10.0.0.1', "port" => 6379},{"host" => '10.0.0.2', "port" => 6379}] }
+
+      it "should return redis IPs and ports" do
+        ec2.stub_responses(:describe_instances, redis_data)
+        allow(aws).to receive(:mi_env).and_return('test')
+        allow(aws).to receive(:availability_zone).and_return(availability_zone)
+        allow(aws).to receive(:my_region).and_return('us-east-1')
+        allow(aws).to receive(:ec2).and_return(ec2)
+
+        expect(aws.redis_by_role('visitor_redis', port)).to match_array(redii)
+      end
+    end
+  end
+end

data/spec/route53_spec.rb

@@ -0,0 +1,115 @@
+require 'aws-sdk'
+require_relative '../lib/movable_ink/aws'
+
+describe MovableInk::AWS::Route53 do
+  let(:aws) { MovableInk::AWS.new }
+
+  context "elastic IPs" do
+    let(:ec2) { Aws::EC2::Client.new(stub_responses: true) }
+    let(:s3) { Aws::S3::Client.new(stub_responses: true) }
+    let(:elastic_ip_data) { ec2.stub_data(:describe_addresses, addresses: [
+        {
+          allocation_id: "eipalloc-1",
+          association_id: "eipassoc-1",
+          domain: "vpc",
+          public_ip: "1.1.1.1"
+        },
+        {
+          allocation_id: "eipalloc-2",
+          association_id: "eipassoc-2",
+          domain: "vpc",
+          public_ip: "1.1.1.2"
+        },
+        {
+          allocation_id: "eipalloc-3",
+          association_id: nil,
+          domain: "vpc",
+          public_ip: "1.1.1.3"
+        }
+      ])
+    }
+    let(:associate_address_data) { ec2.stub_data(:associate_address, association_id: 'eipassoc-3') }
+    let(:reserved_ips) { StringIO.new(
+      "{\"datacenter\":\"iad\",\"allocation_id\":\"eipalloc-1\",\"public_ip\":\"1.1.1.1\",\"role\":\"some_role\"}
+       {\"datacenter\":\"iad\",\"allocation_id\":\"eipalloc-2\",\"public_ip\":\"1.1.1.2\",\"role\":\"some_role\"}
+       {\"datacenter\":\"iad\",\"allocation_id\":\"eipalloc-3\",\"public_ip\":\"1.1.1.3\",\"role\":\"some_role\"}"
+    )}
+    let(:s3_reserved_ips_data) { s3.stub_data(:get_object, body: reserved_ips) }
+
+    it "should find all elastic IPs" do
+      ec2.stub_responses(:describe_addresses, elastic_ip_data)
+      allow(aws).to receive(:my_region).and_return('us-east-1')
+      allow(aws).to receive(:instance_id).and_return('i-12345')
+      allow(aws).to receive(:ec2).and_return(ec2)
+
+      expect(aws.elastic_ips.count).to eq(3)
+      expect(aws.elastic_ips.first.public_ip).to eq('1.1.1.1')
+      expect(aws.elastic_ips.last.public_ip).to eq('1.1.1.3')
+    end
+
+    it "should find unassigned elastic IPs" do
+      ec2.stub_responses(:describe_addresses, elastic_ip_data)
+      allow(aws).to receive(:my_region).and_return('us-east-1')
+      allow(aws).to receive(:instance_id).and_return('i-12345')
+      allow(aws).to receive(:ec2).and_return(ec2)
+
+      expect(aws.unassigned_elastic_ips.count).to eq(1)
+      expect(aws.unassigned_elastic_ips.first.public_ip).to eq('1.1.1.3')
+    end
+
+    it "should load reserved elastic IPs from S3" do
+      s3.stub_responses(:get_object, s3_reserved_ips_data)
+      allow(aws).to receive(:my_region).and_return('us-east-1')
+      allow(aws).to receive(:instance_id).and_return('i-12345')
+      allow(aws).to receive(:s3).and_return(s3)
+
+      expect(aws.reserved_elastic_ips.count).to eq(3)
+    end
+
+    it "should filter reserved IPs to get available IPs" do
+      ec2.stub_responses(:describe_addresses, elastic_ip_data)
+      s3.stub_responses(:get_object, s3_reserved_ips_data)
+      allow(aws).to receive(:my_region).and_return('us-east-1')
+      allow(aws).to receive(:instance_id).and_return('i-12345')
+      allow(aws).to receive(:ec2).and_return(ec2)
+      allow(aws).to receive(:s3).and_return(s3)
+
+      expect(aws.available_elastic_ips(role: 'some_role').count).to eq(1)
+      expect(aws.available_elastic_ips(role: 'some_role').first['public_ip']).to eq('1.1.1.3')
+    end
+
+    it "should assign an elastic IP" do
+      ec2.stub_responses(:describe_addresses, elastic_ip_data)
+      ec2.stub_responses(:associate_address, associate_address_data)
+      s3.stub_responses(:get_object, s3_reserved_ips_data)
+      allow(aws).to receive(:my_region).and_return('us-east-1')
+      allow(aws).to receive(:instance_id).and_return('i-12345')
+      allow(aws).to receive(:ec2).and_return(ec2)
+      allow(aws).to receive(:s3).and_return(s3)
+
+      expect(aws.assign_ip_address(role: 'some_role').association_id).to eq('eipassoc-3')
+    end
+  end
+
+  context "resource record sets" do
+    let(:route53) { Aws::Route53::Client.new(stub_responses: true) }
+    let(:rrset_data) { route53.stub_data(:list_resource_record_sets, resource_record_sets: [
+        {
+          name: 'host1.domain.tld.'
+        },
+        {
+          name: 'host2.domain.tld.'
+        }
+      ])
+    }
+
+    it "should retrieve all rrsets for zone" do
+      route53.stub_responses(:list_resource_record_sets, rrset_data)
+      allow(aws).to receive(:route53).and_return(route53)
+
+      expect(aws.resource_record_sets('Z123').count).to eq(2)
+      expect(aws.resource_record_sets('Z123').first.name).to eq('host1.domain.tld.')
+      expect(aws.resource_record_sets('Z123').last.name).to eq('host2.domain.tld.')
+    end
+  end
+end

data/spec/sns_spec.rb

@@ -0,0 +1,31 @@
+require 'aws-sdk'
+require_relative '../lib/movable_ink/aws'
+
+describe MovableInk::AWS::SNS do
+  let(:aws) { MovableInk::AWS.new }
+  let(:sns) { Aws::SNS::Client.new(stub_responses: true) }
+  let(:topic_data) { sns.stub_data(:list_topics, topics: [
+      {
+        topic_arn: 'slack-aws-alerts'
+      }
+    ])
+  }
+  let(:publish_response) { sns.stub_data(:publish, message_id: 'messageId')}
+
+  it "should find the slack sns topic" do
+    sns.stub_responses(:list_topics, topic_data)
+    allow(aws).to receive(:my_region).and_return('us-east-1')
+    allow(aws).to receive(:sns).and_return(sns)
+
+    expect(aws.sns_slack_topic_arn).to eq('slack-aws-alerts')
+  end
+
+  it "should notify with the specified subject and message" do
+    sns.stub_responses(:list_topics, topic_data)
+    allow(aws).to receive(:my_region).and_return('us-east-1')
+    allow(aws).to receive(:instance_id).and_return('test instance')
+    allow(aws).to receive(:sns).and_return(sns)
+
+    expect(aws.notify_slack(subject: 'Test subject', message: 'Test message').message_id).to eq('messageId')
+  end
+end

data/spec/ssm_spec.rb

@@ -0,0 +1,66 @@
+require 'aws-sdk'
+require_relative '../lib/movable_ink/aws'
+
+describe MovableInk::AWS::SSM do
+  let(:aws) { MovableInk::AWS.new }
+  let(:ssm) { Aws::SSM::Client.new(stub_responses: true) }
+  let(:parameter) { ssm.stub_data(:get_parameter, parameter: {
+      name: '/test/sneakers/setec-astronomy',
+      type: 'SecureString',
+      value: 'too-many-secrets'
+    })
+  }
+  let(:parameters) { ssm.stub_data(:get_parameters_by_path, parameters: [
+      {
+        name: '/test/zelda/Its',
+        type: 'SecureString',
+        value: "It's"
+      },
+      {
+        name: '/test/zelda/a',
+        type: 'SecureString',
+        value: "dangerous"
+      },
+      {
+        name: '/test/zelda/secret',
+        type: 'SecureString',
+        value: "to"
+      },
+      {
+        name: '/test/zelda/to',
+        type: 'SecureString',
+        value: "go"
+      },
+      {
+        name: '/test/zelda/everyone',
+        type: 'SecureString',
+        value: "alone"
+      }
+    ])
+  }
+  let(:zelda_secrets) {
+    {
+      "Its"      => "It's",
+      "a"        => "dangerous",
+      "secret"   => "to",
+      "to"       => "go",
+      "everyone" => "alone"
+    }
+  }
+
+  it "should retrieve a decrypted secret" do
+    ssm.stub_responses(:get_parameter, parameter)
+    allow(aws).to receive(:mi_env).and_return('test')
+    allow(aws).to receive(:ssm).and_return(ssm)
+
+    expect(aws.get_secret(role: 'sneakers', attribute: 'setec-astronomy')).to eq('too-many-secrets')
+  end
+
+  it "should retrieve all secrets for a role" do
+    ssm.stub_responses(:get_parameters_by_path, parameters)
+    allow(aws).to receive(:mi_env).and_return('test')
+    allow(aws).to receive(:ssm).and_return(ssm)
+
+    expect(aws.get_role_secrets(role: 'zelda')).to eq(zelda_secrets)
+  end
+end

metadata

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification
+name: MovableInkAWS
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Matt Chesler
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-02-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.10.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.10.0
+description: AWS Utility methods for MovableInk
+email: mchesler@movableink.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- MovableInkAWS.gemspec
+- README.md
+- lib/movable_ink/aws.rb
+- lib/movable_ink/aws/autoscaling.rb
+- lib/movable_ink/aws/ec2.rb
+- lib/movable_ink/aws/errors.rb
+- lib/movable_ink/aws/route53.rb
+- lib/movable_ink/aws/sns.rb
+- lib/movable_ink/aws/ssm.rb
+- lib/movable_ink/version.rb
+- spec/autoscaling_spec.rb
+- spec/aws_spec.rb
+- spec/ec2_spec.rb
+- spec/route53_spec.rb
+- spec/sns_spec.rb
+- spec/ssm_spec.rb
+homepage: 
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: AWS Utility methods for MovableInk
+test_files:
+- spec/autoscaling_spec.rb
+- spec/aws_spec.rb
+- spec/ec2_spec.rb
+- spec/route53_spec.rb
+- spec/sns_spec.rb
+- spec/ssm_spec.rb