cloud-mu 3.2.0 → 3.5.0

data/modules/mu/providers/aws/loadbalancer.rb

@@ -41,8 +41,8 @@ module MU
         # Called automatically by {MU::Deploy#createResources}
         def create
           if @config["zones"] == nil
-            @config["zones"] = MU::Cloud::AWS.listAZs(region: @config['region'])
-            MU.log "Using zones from #{@config['region']}", MU::DEBUG, details: @config['zones']
+            @config["zones"] = MU::Cloud::AWS.listAZs(region: @region)
+            MU.log "Using zones from #{@region}", MU::DEBUG, details: @config['zones']
           end
 
           lb_options = {
@@ -122,15 +122,15 @@ module MU
           begin
             if @config['classic']
               MU.log "Creating Elastic Load Balancer #{@mu_name}", details: lb_options
-              lb = MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_load_balancer(lb_options)
+              lb = MU::Cloud::AWS.elb(region: @region, credentials: @credentials).create_load_balancer(lb_options)
             else
               MU.log "Creating Application Load Balancer #{@mu_name}", details: lb_options
-              lb = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_load_balancer(lb_options).load_balancers.first
+              lb = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).create_load_balancer(lb_options).load_balancers.first
               begin
                 if lb.state.code != "active"
                   MU.log "Waiting for ALB #{@mu_name} to enter 'active' state", MU::NOTICE
                   sleep 20
-                  lb = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
+                  lb = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_load_balancers(
                     names: [@mu_name]
                   ).load_balancers.first
                 end
@@ -170,7 +170,7 @@ module MU
           if zones_to_try.size < @config["zones"].size
             zones_to_try.each { |zone|
               begin
-                MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).enable_availability_zones_for_load_balancer(
+                MU::Cloud::AWS.elb(region: @region, credentials: @credentials).enable_availability_zones_for_load_balancer(
                   load_balancer_name: @mu_name,
                   availability_zones: [zone]
                 )
@@ -183,7 +183,7 @@ module MU
           @targetgroups = {}
           if !@config['healthcheck'].nil? and @config['classic']
             MU.log "Configuring custom health check for ELB #{@mu_name}", details: @config['healthcheck']
-            MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).configure_health_check(
+            MU::Cloud::AWS.elb(region: @region, credentials: @credentials).configure_health_check(
                 load_balancer_name: @mu_name,
                 health_check: {
                     target: @config['healthcheck']['target'],
@@ -229,9 +229,9 @@ module MU
                   end
                 end
 
-                tg_resp = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_target_group(tg_descriptor)
+                tg_resp = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).create_target_group(tg_descriptor)
                 @targetgroups[tg['name']] = tg_resp.target_groups.first
-                MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).add_tags(
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).add_tags(
                   resource_arns: [tg_resp.target_groups.first.target_group_arn],
                   tags: lb_options[:tags]
                 )
@@ -285,7 +285,7 @@ module MU
                   "ELBSecurityPolicy-TLS-1-2-2017-01"
                 end
               end
-              listen_resp = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_listener(listen_descriptor).listeners.first
+              listen_resp = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).create_listener(listen_descriptor).listeners.first
               if !l['rules'].nil?
                 l['rules'].each { |rule|
                   rule_descriptor = {
@@ -307,14 +307,14 @@ module MU
                       }
                     end
                   }
-                  MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_rule(rule_descriptor)
+                  MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).create_rule(rule_descriptor)
                 }
               end
             }
           else
             @config["listeners"].each { |l|
               if l['ssl_certificate_id']
-                MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(
+                MU::Cloud::AWS.elb(region: @region, credentials: @credentials).set_load_balancer_policies_of_listener(
                   load_balancer_name: @cloud_id, 
                   load_balancer_port: l['lb_port'], 
                   policy_names: [
@@ -347,7 +347,7 @@ module MU
           if @config['cross_zone_unstickiness'] 
             MU.log "Enabling cross-zone un-stickiness on #{lb.dns_name}"
             if @config['classic']
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_name: @mu_name,
                 load_balancer_attributes: {
                   cross_zone_load_balancing: {
@@ -357,7 +357,7 @@ module MU
               )
             else
               @targetgroups.values.each { |tg|
-                MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_target_group_attributes(
                   target_group_arn: tg.target_group_arn,
                   attributes: [
                     {
@@ -373,7 +373,7 @@ module MU
           if !@config['idle_timeout'].nil?
             MU.log "Setting idle timeout to #{@config['idle_timeout']} #{lb.dns_name}"
             if @config['classic']
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_name: @mu_name,
                 load_balancer_attributes: {
                   connection_settings: {
@@ -382,7 +382,7 @@ module MU
                 }
               )
             else
-              MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_arn: lb.load_balancer_arn,
                 attributes: [
                   {
@@ -398,7 +398,7 @@ module MU
             if @config['classic']
               if @config['connection_draining_timeout'] >= 0
                 MU.log "Setting connection draining timeout to #{@config['connection_draining_timeout']} on #{lb.dns_name}"
-                MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+                MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                     load_balancer_name: @mu_name,
                     load_balancer_attributes: {
                         connection_draining: {
@@ -409,7 +409,7 @@ module MU
                 )
               else
                 MU.log "Disabling connection draining on #{lb.dns_name}"
-                MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+                MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                     load_balancer_name: @mu_name,
                     load_balancer_attributes: {
                         connection_draining: {
@@ -427,7 +427,7 @@ module MU
                 MU.log "Disabling connection draining on #{lb.dns_name}"
               end
               @targetgroups.values.each { |tg|
-                MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_target_group_attributes(
                   target_group_arn: tg.target_group_arn,
                   attributes: [
                     {
@@ -443,7 +443,7 @@ module MU
           if !@config['access_log'].nil?
             MU.log "Setting access log params for #{lb.dns_name}", details: @config['access_log']
             if @config['classic']
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_name: @mu_name,
                 load_balancer_attributes: {
                   access_log: {
@@ -455,7 +455,7 @@ module MU
                 }
               )
             else
-              MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_arn: lb.load_balancer_arn,
                 attributes: [
                   {
@@ -485,7 +485,7 @@ module MU
               if !@config['lb_cookie_stickiness_policy']['timeout'].nil?
                 cookie_policy[:cookie_expiration_period] = @config['lb_cookie_stickiness_policy']['timeout']
               end
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_lb_cookie_stickiness_policy(cookie_policy)
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).create_lb_cookie_stickiness_policy(cookie_policy)
               lb_policy_names = Array.new
               lb_policy_names << @config['lb_cookie_stickiness_policy']['name']
               listener_policy = {
@@ -495,12 +495,12 @@ module MU
               lb_options[:listeners].each do |listener|
                 if listener[:protocol].upcase == 'HTTP' or listener[:protocol].upcase == 'HTTPS'
                   listener_policy[:load_balancer_port] = listener[:load_balancer_port]
-                  MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(listener_policy)
+                  MU::Cloud::AWS.elb(region: @region, credentials: @credentials).set_load_balancer_policies_of_listener(listener_policy)
                 end
               end
             else
               @targetgroups.values.each { |tg|
-                MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_target_group_attributes(
                   target_group_arn: tg.target_group_arn,
                   attributes: [
                     {
@@ -529,7 +529,7 @@ module MU
                 policy_name: @config['app_cookie_stickiness_policy']['name'],
                 cookie_name: @config['app_cookie_stickiness_policy']['cookie']
               }
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_app_cookie_stickiness_policy(cookie_policy)
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).create_app_cookie_stickiness_policy(cookie_policy)
               lb_policy_names = Array.new
               lb_policy_names << @config['app_cookie_stickiness_policy']['name']
               listener_policy = {
@@ -539,7 +539,7 @@ module MU
               lb_options[:listeners].each do |listener|
                 if listener[:protocol].upcase == 'HTTP' or listener[:protocol].upcase == 'HTTPS'
                   listener_policy[:load_balancer_port] = listener[:load_balancer_port]
-                  MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(listener_policy)
+                  MU::Cloud::AWS.elb(region: @region, credentials: @credentials).set_load_balancer_policies_of_listener(listener_policy)
                 end
               end
             else
@@ -573,7 +573,7 @@ module MU
         # @return [String]
         def arn
           if @config['classic']
-            "arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":elasticloadbalancing:"+@config['region']+":"+MU::Cloud::AWS.credToAcct(@config['credentials'])+":loadbalancer/"+@cloud_id
+            "arn:"+(MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws")+":elasticloadbalancing:"+@region+":"+MU::Cloud::AWS.credToAcct(@credentials)+":loadbalancer/"+@cloud_id
           else
             cloud_desc.load_balancer_arn
           end
@@ -583,22 +583,44 @@ module MU
         # Wrapper for cloud_desc method that deals with elb vs. elb2 resources.
         def cloud_desc(use_cache: true)
           return @cloud_desc_cache if @cloud_desc_cache and use_cache
+          return nil if !@cloud_id
           if @config['classic']
-            @cloud_desc_cache = MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
+            @cloud_desc_cache = MU::Cloud::AWS.elb(region: @region, credentials: @credentials).describe_load_balancers(
               load_balancer_names: [@cloud_id]
             ).load_balancer_descriptions.first
             return @cloud_desc_cache
           else
-            @cloud_desc_cache = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
+            @cloud_desc_cache = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_load_balancers(
               names: [@cloud_id]
             ).load_balancers.first
-            if @targetgroups.nil? and !@deploy.nil? and
-                @deploy.deployment['loadbalancers'].has_key?(@config['name']) and
-                @deploy.deployment['loadbalancers'][@config['name']].has_key?("targetgroups")
+            if @targetgroups.nil? 
               @targetgroups = {}
-              @deploy.deployment['loadbalancers'][@config['name']]["targetgroups"].each_pair { |tg_name, tg_arn|
-                @targetgroups[tg_name] = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_target_groups(target_group_arns: [tg_arn]).target_groups.first
-              }
+              if !@deploy.nil? and
+                 @deploy.deployment['loadbalancers'] and
+                 @deploy.deployment['loadbalancers'][@config['name']] and
+                 @deploy.deployment['loadbalancers'][@config['name']]["targetgroups"]
+                @deploy.deployment['loadbalancers'][@config['name']]["targetgroups"].each_pair { |tg_name, tg_arn|
+                  @targetgroups[tg_name] = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_target_groups(target_group_arns: [tg_arn]).target_groups.first
+                }
+              else
+                pp @config['targetgroups']
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_target_groups(load_balancer_arn: @cloud_desc_cache.load_balancer_arn).target_groups.each { |tg|
+                  tg_name = tg.target_group_name
+                  if @config['targetgroups']
+                    @config['targetgroups'].each { |tg_cfg|
+                      if tg_name = @deploy.getResourceName(tg_cfg["name"], max_length: 32, disallowed_chars: /[^A-Za-z0-9-]/)
+                        tg_name = tg_cfg['name']
+                        break
+                      end
+                    }
+                  end
+                  @targetgroups[tg_name] = tg
+                }
+#                @config['targetgroups'].each { |tg|
+#                  tg_name = @deploy.getResourceName(tg["name"], max_length: 32, disallowed_chars: /[^A-Za-z0-9-]/)
+#                  @targetgroups[tg_name] = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_target_groups(target_group_arns: [tg_arn]).target_groups.first
+#                }
+              end
             end
 
             return @cloud_desc_cache
@@ -627,7 +649,7 @@ module MU
         def registerNode(instance_id, targetgroups: nil)
           if @config['classic'] or !@config.has_key?("classic")
             MU.log "Registering #{instance_id} to ELB #{@cloud_id}"
-            MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).register_instances_with_load_balancer(
+            MU::Cloud::AWS.elb(region: @region, credentials: @credentials).register_instances_with_load_balancer(
               load_balancer_name: @cloud_id,
               instances: [
                 {instance_id: instance_id}
@@ -643,7 +665,7 @@ module MU
             end
             targetgroups.each { |tg|
               MU.log "Registering #{instance_id} to Target Group #{tg}"
-              MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).register_targets(
+              MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).register_targets(
                 target_group_arn: @targetgroups[tg].target_group_arn,
                 targets: [
                   {id: instance_id}
@@ -671,8 +693,8 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          if (MU.deploy_id.nil? or MU.deploy_id.empty?) and (!flags or !flags["vpc_id"])
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          if (deploy_id.nil? or deploy_id.empty?) and (!flags or !flags["vpc_id"])
             raise MuError, "Can't touch ELBs without MU-ID or vpc_id flag"
           end
 
@@ -682,7 +704,7 @@ module MU
           # @param region [String]: The cloud provider region
           # @param ignoremaster [Boolean]: Whether to ignore the MU-MASTER-IP tag
           # @param classic [Boolean]: Whether to look for a classic ELB instead of an ALB (ELB2)
-          def self.checkForTagMatch(arn, region, ignoremaster, credentials, classic = false)
+          def self.checkForTagMatch(arn, region, ignoremaster, credentials, classic = false, deploy_id: MU.deploy_id)
             tags = []
             if classic
               tags = MU::Cloud::AWS.elb(credentials: credentials, region: region).describe_tags(
@@ -699,7 +721,7 @@ module MU
             if !tags.nil?
               tags.each { |tag|
                 saw_tags << tag.key
-                muid_match = true if tag.key == "MU-ID" and tag.value == MU.deploy_id
+                muid_match = true if tag.key == "MU-ID" and tag.value == deploy_id
                 mumaster_match = true if tag.key == "MU-MASTER-IP" and tag.value == MU.mu_public_ip
               }
             end
@@ -725,9 +747,9 @@ module MU
                 matched = true if lb.vpc_id == flags['vpc_id']
               else
                 if classic
-                  matched = self.checkForTagMatch(lb.load_balancer_name, region, ignoremaster, credentials, classic)
+                  matched = self.checkForTagMatch(lb.load_balancer_name, region, ignoremaster, credentials, classic, deploy_id: deploy_id)
                 else
-                  matched = self.checkForTagMatch(lb.load_balancer_arn, region, ignoremaster, credentials, classic)
+                  matched = self.checkForTagMatch(lb.load_balancer_arn, region, ignoremaster, credentials, classic, deploy_id: deploy_id)
                 end
               end
               if matched
@@ -773,7 +795,7 @@ module MU
 
 
                   tgs.each { |tg|
-                    if self.checkForTagMatch(tg.target_group_arn, region, ignoremaster, credentials)
+                    if self.checkForTagMatch(tg.target_group_arn, region, ignoremaster, credentials, deploy_id: deploy_id)
                       MU.log "Removing Load Balancer Target Group #{tg.target_group_name}"
                       retries = 0
                       begin
@@ -837,7 +859,7 @@ module MU
                (!listener["ssl_certificate_id"].nil? and !listener["ssl_certificate_id"].empty?)
               if lb['cloud'] != "CloudFormation" # XXX or maybe do this anyway?
                 begin
-                  listener["ssl_certificate_id"] = MU::Cloud::AWS.findSSLCertificate(name: listener["ssl_certificate_name"].to_s, id: listener["ssl_certificate_id"].to_s, region: lb['region'])
+                  listener["ssl_certificate_id"] = MU::Cloud::AWS.findSSLCertificate(name: listener["ssl_certificate_name"].to_s, id: listener["ssl_certificate_id"].to_s, region: lb['region']).first
                 rescue MuError
                   ok = false
                   next

data/modules/mu/providers/aws/log.rb

@@ -30,13 +30,13 @@ module MU
           @config["log_group_name"] = @mu_name
           @config["log_stream_name"] =
             if @config["enable_cloudtrail_logging"]
-              "#{MU::Cloud::AWS.credToAcct(@config['credentials'])}_CloudTrail_#{@config["region"]}"
+              "#{MU::Cloud::AWS.credToAcct(@credentials)}_CloudTrail_#{@region}"
             else
               @mu_name
             end
 
           MU.log "Creating log group #{@mu_name}"
-          MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @config["credentials"]).create_log_group(
+          MU::Cloud::AWS.cloudwatchlogs(region: @region, credentials: @credentials).create_log_group(
             log_group_name: @config["log_group_name"],
             tags: @tags
           )
@@ -45,7 +45,7 @@ module MU
           retries = 0
           max_retries = 5
           begin
-            resp = MU::Cloud::AWS::Log.getLogGroupByName(@config["log_group_name"], region: @config["region"])
+            resp = MU::Cloud::AWS::Log.getLogGroupByName(@config["log_group_name"], region: @region)
             if resp.nil?
               if retries >= max_retries
                 raise MuError, "Cloudwatch Logs group #{@config["log_group_name"]} creation hasn't succeeded after #{(retries*max_retries).to_s}s"
@@ -56,19 +56,19 @@ module MU
             end
           end while resp.nil?
 
-          MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @config["credentials"]).create_log_stream(
+          MU::Cloud::AWS.cloudwatchlogs(region: @region, credentials: @credentials).create_log_stream(
             log_group_name: @config["log_group_name"],
             log_stream_name: @config["log_stream_name"]
           )
 
-          MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @config["credentials"]).put_retention_policy(
+          MU::Cloud::AWS.cloudwatchlogs(region: @region, credentials: @credentials).put_retention_policy(
             log_group_name: @config["log_group_name"],
             retention_in_days: @config["retention_period"]
           )
 
           if @config["filters"] && !@config["filters"].empty?
             @config["filters"].each{ |filter|
-              MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @config["credentials"]).put_metric_filter(
+              MU::Cloud::AWS.cloudwatchlogs(region: @region, credentials: @credentials).put_metric_filter(
                 log_group_name: @config["log_group_name"],
                 filter_name: filter["name"],
                 filter_pattern: filter["search_pattern"],
@@ -82,8 +82,8 @@ module MU
           end
 
           if @config["enable_cloudtrail_logging"]
-            trail_resp = MU::Cloud::AWS.cloudtrail(region: @config["region"], credentials: @config["credentials"]).describe_trails.trail_list.first
-            raise MuError, "Can't find a cloudtrail in #{MU::Cloud::AWS.credToAcct(@config['credentials'])}/#{@config["region"]}. Please create cloudtrail before enabling logging on it" unless trail_resp
+            trail_resp = MU::Cloud::AWS.cloudtrail(region: @region, credentials: @credentials).describe_trails.trail_list.first
+            raise MuError, "Can't find a cloudtrail in #{MU::Cloud::AWS.credToAcct(@credentials)}/#{@region}. Please create cloudtrail before enabling logging on it" unless trail_resp
 
             iam_policy = '{
               "Version": "2012-10-17",
@@ -96,7 +96,7 @@ module MU
                     "logs:PutLogEventsBatch",
                     "logs:PutLogEvents"
                   ],
-                  "Resource": "arn:'+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+':logs:'+@config["region"]+':'+MU::Cloud::AWS.credToAcct(@config['credentials'])+':log-group:'+@config["log_group_name"]+':log-stream:'+@config["log_stream_name"]+'*"
+                  "Resource": "arn:'+(MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws")+':logs:'+@region+':'+MU::Cloud::AWS.credToAcct(@credentials)+':log-group:'+@config["log_group_name"]+':log-stream:'+@config["log_stream_name"]+'*"
                 }
               ]
             }'
@@ -132,11 +132,11 @@ module MU
               policy_document: iam_policy
             )
 
-            log_group_resp = MU::Cloud::AWS::Log.getLogGroupByName(@config["log_group_name"], region: @config["region"])
+            log_group_resp = MU::Cloud::AWS::Log.getLogGroupByName(@config["log_group_name"], region: @region)
 
             retries = 0
             begin 
-              MU::Cloud::AWS.cloudtrail(region: @config["region"], credentials: @config["credentials"]).update_trail(
+              MU::Cloud::AWS.cloudtrail(region: @region, credentials: @credentials).update_trail(
                 name: trail_resp.name,
                 cloud_watch_logs_log_group_arn: log_group_resp.arn,
                 cloud_watch_logs_role_arn: iam_resp.role.arn
@@ -202,14 +202,14 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           MU.log "AWS::Log.cleanup: need to support flags['known']", MU::DEBUG, details: flags
           MU.log "Placeholder: AWS Log artifacts do not support tags, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: ignoremaster
 
           log_groups = self.find(credentials: credentials, region: region).values
           if !log_groups.empty?
             log_groups.each{ |lg|
-              if lg.log_group_name.match(MU.deploy_id)
+              if lg.log_group_name.match(deploy_id)
                 log_streams = MU::Cloud::AWS.cloudwatchlogs(credentials: credentials, region: region).describe_log_streams(log_group_name: lg.log_group_name).log_streams
                 if !log_streams.empty?
                   log_streams.each{ |ls|
@@ -232,7 +232,7 @@ module MU
 
 #          unless noop
 #            MU::Cloud::AWS.iam(credentials: credentials).list_roles.roles.each{ |role|
-#              match_string = "#{MU.deploy_id}.*CloudTrail"
+#              match_string = "#{deploy_id}.*CloudTrail"
               # Maybe we should have a more generic way to delete IAM profiles and policies. The call itself should be moved from MU::Cloud.resourceClass("AWS", "Server").
 #              MU::Cloud.resourceClass("AWS", "Server").removeIAMProfile(role.role_name) if role.role_name.match(match_string)
 #            }
@@ -270,9 +270,9 @@ module MU
         def toKitten(**_args)
           bok = {
             "cloud" => "AWS",
-            "credentials" => @config['credentials'],
+            "credentials" => @credentials,
             "cloud_id" => @cloud_id,
-            "region" => @config['region']
+            "region" => @region
           }
 
           if !cloud_desc
@@ -283,7 +283,7 @@ module MU
           bok['name'] = cloud_desc.log_group_name.sub(/.*?\/([^\/]+)$/, '\1')
 
           if cloud_desc.metric_filter_count > 0
-            resp = MU::Cloud::AWS.cloudwatchlogs(region: @config['region'], credentials: @credentials).describe_metric_filters(
+            resp = MU::Cloud::AWS.cloudwatchlogs(region: @region, credentials: @credentials).describe_metric_filters(
               log_group_name: @cloud_id
             )
             resp.metric_filters.each { |filter|