RubyGems - aws-eni - Versions diffs - 0.4.1 → 0.5.0 - Mend

aws-eni 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c19de93aff68758d1c59c46801a7ad707350aa7b
-  data.tar.gz: 6fb377899c3f4c1f894d82a195768e699388cfec
+  metadata.gz: 4ac27064fd3f98202092c5328017e064dadf2aeb
+  data.tar.gz: 524ff66d382280f6a2e453eb26c43e8380b311fa
 SHA512:
-  metadata.gz: ef384ea2c14806ba12a499563639b8c1f4b9d63ee7c4b4f081c3cb6368813d625003204fccee7c68d9220f63741de189020b19c471ed8ee408cb1319298cb085
-  data.tar.gz: d3e0e7595785be73265394aa356457f343001033b03ef32336e41c6cd58909ecf83f8b1d2ad7f1ebe9f4d404b5306ea44da5fcae619508573eff6f3d856e0cba
+  metadata.gz: 0f3f68fde457610edc205c8eabfd18fe87ee81c40da35e42ee5bc1dd034de94e05e8d0492e4f59f360eabcbb7f1012cd781f4e4295d1ce4b257a92a92610983a
+  data.tar.gz: f869c4491ca2989a2dfb7a4fde3b4096eefe9fb85385d0fbec7f93f363ed84aa3526ce6e06d3c70df8c75aa4c387dd2dd82fe8c6429b1d342bf8e6f4ba71b0bd

data/README.md CHANGED

@@ -110,6 +110,43 @@ if Aws::ENI.test_association(assoc[:public_ip])
 else
 ```
+## AWS Policy
+To use this utility, you will need to create and apply the following policy document.
+Name it something like "AmazonEC2ElasticNetworkInterfaceAccess" and attach it to your IAM instance role or IAM user.
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:AllocateAddress",
+                "ec2:AssignPrivateIpAddresses",
+                "ec2:AssociateAddress",
+                "ec2:AttachNetworkInterface",
+                "ec2:CreateNetworkInterface",
+                "ec2:CreateTags",
+                "ec2:DeleteNetworkInterface",
+                "ec2:DescribeAddresses",
+                "ec2:DescribeAvailabilityZones",
+                "ec2:DescribeInternetGateways",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeSubnets",
+                "ec2:DetachNetworkInterface",
+                "ec2:DisassociateAddress",
+                "ec2:ModifyNetworkInterfaceAttribute",
+                "ec2:ReleaseAddress",
+                "ec2:UnassignPrivateIpAddresses"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
 ## Contributing

data/bin/aws-eni CHANGED

@@ -255,7 +255,7 @@ command [:attach] do |c|
     end
     begin
       device = Aws::ENI.attach_interface(id, enable: config, configure: config, block: block)
-    rescue Aws::ENI::Errors::ClientOperationError => e
+    rescue Aws::ENI::Errors::LimitExceeded => e
       warn e.message
       if new_interface && Aws::ENI.clean_interfaces(id, safe_mode: false)
         puts "interface #{id} deleted"

data/lib/aws-eni.rb CHANGED

@@ -18,6 +18,7 @@ module Aws
           hwaddr = Meta.instance('network/interfaces/macs/').lines.first.strip.chomp('/')
           {
             instance_id:       Meta.instance('instance-id'),
+            instance_type:     Meta.instance('instance-type'),
             availability_zone: Meta.instance('placement/availability-zone'),
             region:            Meta.instance('placement/availability-zone').sub(/^(.*)[a-z]$/,'\1'),
             vpc_id:            Meta.interface(hwaddr, 'vpc-id'),
@@ -111,16 +112,15 @@ module Aws
       device = Interface[options[:device_number] || options[:name]].assert(exists: false)
-      begin
-        response = Client.attach_network_interface(
-          network_interface_id: interface_id,
-          instance_id: environment[:instance_id],
-          device_index: device.device_number
-        )
-      rescue EC2::Errors::AttachmentLimitExceeded
-        raise Errors::ClientOperationError, "Unable to attach #{interface_id} to #{device.name} (attachment limit exceeded)"
+      if Interface.count >= interface_limit
+        raise Errors::LimitExceeded, "Unable to attach #{interface_id} to #{device.name} (attachment limit exceeded)"
       end
+      response = Client.attach_network_interface(
+        network_interface_id: interface_id,
+        instance_id: environment[:instance_id],
+        device_index: device.device_number
+      )
       if do_block || do_config || do_enable
         wait_for 'the interface to attach', rescue: Errors::InvalidInterface do
           device.exists? && Client.interface_attached(device.interface_id)
@@ -265,6 +265,10 @@ module Aws
       do_block = options[:block] != false
       new_ip = options[:private_ip]
+      if current_ips.count >= interface_ip_limit
+        raise Errors::LimitExceeded, "Unable to assign #{new_ip || 'new IP'} to #{interface_id} (assignment limit exceeded)"
+      end
       if do_block && !device.enabled?
         raise Errors::InvalidParameter, "Interface #{device.name} is not enabled (cannot test connection)"
       end
@@ -625,5 +629,65 @@ module Aws
       end
       raise Errors::TimeoutError, "Timed out waiting for #{task}" unless timeout > 0
     end
+    # aws interface and private ip address limits for each instance type
+    # transcribed from: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
+    RESOURCE_LIMITS = {
+      'c1.medium'   => [2, 6],
+      'c1.xlarge'   => [4, 15],
+      'c3.large'    => [3, 10],
+      'c3.xlarge'   => [4, 15],
+      'c3.2xlarge'  => [4, 15],
+      'c3.4xlarge'  => [8, 30],
+      'c3.8xlarge'  => [8, 30],
+      'c4.large'    => [3, 10],
+      'c4.xlarge'   => [4, 15],
+      'c4.2xlarge'  => [4, 15],
+      'c4.4xlarge'  => [8, 30],
+      'c4.8xlarge'  => [8, 30],
+      'cc2.8xlarge' => [8, 30],
+      'cg1.4xlarge' => [8, 30],
+      'cr1.8xlarge' => [8, 30],
+      'd2.xlarge'   => [4, 15],
+      'd2.2xlarge'  => [4, 15],
+      'd2.4xlarge'  => [8, 30],
+      'd2.8xlarge'  => [8, 30],
+      'g2.2xlarge'  => [4, 15],
+      'g2.8xlarge'  => [8, 30],
+      'hi1.4xlarge' => [8, 30],
+      'hs1.8xlarge' => [8, 30],
+      'i2.xlarge'   => [4, 15],
+      'i2.2xlarge'  => [4, 15],
+      'i2.4xlarge'  => [8, 30],
+      'i2.8xlarge'  => [8, 30],
+      'm1.small'    => [2, 4],
+      'm1.medium'   => [2, 6],
+      'm1.large'    => [3, 10],
+      'm1.xlarge'   => [4, 15],
+      'm2.xlarge'   => [4, 15],
+      'm2.2xlarge'  => [4, 30],
+      'm2.4xlarge'  => [8, 30],
+      'm3.medium'   => [2, 6],
+      'm3.large'    => [3, 10],
+      'm3.xlarge'   => [4, 15],
+      'm3.2xlarge'  => [4, 30],
+      'r3.large'    => [3, 10],
+      'r3.xlarge'   => [4, 15],
+      'r3.2xlarge'  => [4, 15],
+      'r3.4xlarge'  => [8, 30],
+      'r3.8xlarge'  => [8, 30],
+      't1.micro'    => [2, 2],
+      't2.micro'    => [2, 2],
+      't2.small'    => [2, 4],
+      't2.medium'   => [3, 6]
+    }.freeze
+    def interface_limit
+      Array(RESOURCE_LIMITS[environment[:instance_type]]).first || 8
+    end
+    def interface_ip_limit
+      Array(RESOURCE_LIMITS[environment[:instance_type]]).last || 30
+    end
   end
 end

data/lib/aws-eni/client.rb CHANGED

@@ -34,6 +34,8 @@ module Aws
       # pass along method calls to our lazy-loaded api client
       def method_missing(method, *args)
         client.public_send(method, *args)
+      rescue EC2::Errors::AttachmentLimitExceeded, EC2::Errors::PrivateIpAddressLimitExceeded, EC2::Errors::AddressLimitExceeded => e
+        raise Errors::LimitExceeded, "Limit exceeded: #{e.message}"
       rescue EC2::Errors::UnauthorizedOperation => e
         raise Errors::ClientPermissionError, "Operation not permitted: #{e.message}"
       rescue EC2::Errors::ServiceError => e
@@ -69,6 +71,8 @@ module Aws
         ])
         raise Errors::UnknownAddress, "No EIP with #{address} could be located" if resp[:addresses].empty?
         resp[:addresses].first
+      rescue IPAddr::InvalidAddressError
+        raise Errors::InvalidAddress, "Invalid address: #{address}"
       end
       # retrieve a list of available addresses

data/lib/aws-eni/errors.rb CHANGED

@@ -24,6 +24,8 @@ module Aws
       class UnknownAddress < ServiceError; end
       class InvalidAddress < ServiceError; end
+      class LimitExceeded < ServiceError; end
     end
   end
 end

data/lib/aws-eni/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Aws
   module ENI
-    VERSION = "0.4.1"
+    VERSION = "0.5.0"
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-eni
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Mike Greiling
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-05-14 00:00:00.000000000 Z
+date: 2015-06-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli