cloud-mu 3.3.0 → 3.5.1

data/modules/mu/providers/aws/function.rb

@@ -38,10 +38,10 @@ module MU
         end
 
         # Tag this Lambda function
-        def assign_tag(resource_arn, tag_list, region=@config['region'])
+        def assign_tag(resource_arn, tag_list, region=@region)
           begin
             tag_list.each do |each_pair|
-              MU::Cloud::AWS.lambda(region: region, credentials: @config['credentials']).tag_resource({
+              MU::Cloud::AWS.lambda(region: region, credentials: @credentials).tag_resource({
                 resource: resource_arn,
                 tags: each_pair
               })
@@ -58,16 +58,19 @@ module MU
           lambda_properties = get_properties
 
           MU.retrier([Aws::Lambda::Errors::InvalidParameterValueException], max: 5, wait: 10) {
-            resp = MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).create_function(lambda_properties)
+            resp = MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).create_function(lambda_properties)
             @cloud_id = resp.function_name
           }
 
           # the console does this and docs expect it to be there, so mimic the
           # behavior
-          MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @credentials).create_log_group(
-            log_group_name: "/aws/lambda/#{@cloud_id}",
-            tags: @tags
-          )
+          begin
+            MU::Cloud::AWS.cloudwatchlogs(region: @region, credentials: @credentials).create_log_group(
+              log_group_name: "/aws/lambda/#{@cloud_id}",
+              tags: @tags
+            )
+          rescue Aws::CloudWatchLogs::Errors::ResourceAlreadyExistsException
+          end
         end
 
         # Called automatically by {MU::Deploy#createResources}
@@ -83,14 +86,14 @@ module MU
           }
           if !changes.empty?
             MU.log "Updating Lambda #{@mu_name}", MU::NOTICE, details: changes
-            MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).update_function_configuration(new_props)
+            MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).update_function_configuration(new_props)
           end
 
           if @code_sha256 and @code_sha256 != cloud_desc.code_sha_256.chomp
             MU.log "Updating code in Lambda #{@mu_name}", MU::NOTICE, details: { "old" => @code_sha256, "new" => cloud_desc.code_sha_256 }
             code_block[:publish] = true
             code_block[:function_name] = @cloud_id
-            MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).update_function_code(code_block)
+            MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).update_function_code(code_block)
           end
 
 #          tag_function = assign_tag(lambda_func.function_arn, @config['tags']) 
@@ -117,7 +120,7 @@ module MU
 
               MU.log "Adding #{tr['service']} #{tr['name']} trigger to Lambda function #{@cloud_id}", details: trigger_properties
               begin
-                MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).add_permission(trigger_properties)
+                MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).add_permission(trigger_properties)
               rescue Aws::Lambda::Errors::ResourceConflictException
                 # just means the permission is already there
               end
@@ -135,7 +138,7 @@ module MU
             if @config['invoke_on_completion']['payload']
               invoke_params[:payload] = JSON.generate(@config['invoke_on_completion']['payload'])
             end
-            resp = MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).invoke(invoke_params)
+            resp = MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).invoke(invoke_params)
             if resp.status_code == 200
               MU.log "Invoked #{@cloud_id}", MU::NOTICE, details: Base64.decode64(resp.log_result)
             else
@@ -158,13 +161,13 @@ module MU
           begin
             # XXX There doesn't seem to be an API call to list or view existing
             # permissions, wtaf. This means we can't intelligently guard this.
-            MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).add_permission(trigger)
+            MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).add_permission(trigger)
           rescue Aws::Lambda::Errors::ValidationException => e
             MU.log e.message+" (calling_arn: #{calling_arn}, calling_service: #{calling_service}, calling_name: #{calling_name})", MU::ERR, details: trigger
             raise e
           rescue Aws::Lambda::Errors::ResourceConflictException => e
             if e.message.match(/already exists/)
-              MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).remove_permission(
+              MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).remove_permission(
                 function_name: @mu_name,
                 statement_id: "#{calling_service}-#{calling_name}"
               )
@@ -184,16 +187,16 @@ module MU
             case svc.downcase
             when 'sns'
               sib_sns = @deploy.findLitterMate(name: name, type: "notifiers")
-              arn = sib_sns ? sib_sns.arn : "arn:aws:sns:#{@config['region']}:#{MU::Cloud::AWS.credToAcct(@config['credentials'])}:#{name}"
+              arn = sib_sns ? sib_sns.arn : "arn:aws:sns:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:#{name}"
             when 'alarm','events', 'event', 'cloudwatch_event'
               sib_event = @deploy.findLitterMate(name: name, type: "job")
-              arn = sib_event ? sib_event.arn : "arn:aws:events:#{@config['region']}:#{MU::Cloud::AWS.credToAcct(@config['credentials'])}:rule/#{name}"
+              arn = sib_event ? sib_event.arn : "arn:aws:events:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:rule/#{name}"
             when 'dynamodb'
               sib_dynamo = @deploy.findLitterMate(name: name, type: "nosqldb")
-              arn = sib_dynamo ? sib_dynamo.arn : "arn:aws:dynamodb:#{@config['region']}:#{MU::Cloud::AWS.credToAcct(@config['credentials'])}:table/#{name}"
+              arn = sib_dynamo ? sib_dynamo.arn : "arn:aws:dynamodb:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:table/#{name}"
             when 'apigateway'
               sib_apig = @deploy.findLitterMate(name: name, type: "endpoints")
-              arn = sib_apig ? sib_apig.arn : "arn:aws:apigateway:#{@config['region']}:#{MU::Cloud::AWS.credToAcct(@config['credentials'])}:#{name}"
+              arn = sib_apig ? sib_apig.arn : "arn:aws:apigateway:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:#{name}"
             when 's3'
               arn = ''
             end
@@ -205,18 +208,18 @@ module MU
         end
         
         # XXX placeholder, really; this is going end up being done from Endpoint, Log and Notification resources, I think
-        def adjust_trigger(trig_type, trig_arn, func_arn, func_id=nil, protocol='lambda',region=@config['region'])
+        def adjust_trigger(trig_type, trig_arn, func_arn, func_id=nil, protocol='lambda',region=@region)
           
           case trig_type
           
           when 'sns'
-            MU::Cloud.resourceClass("AWS", "Notifier").subscribe(trig_arn, arn, "lambda", region: @config['region'], credentials: @credentials)
+            MU::Cloud.resourceClass("AWS", "Notifier").subscribe(trig_arn, arn, "lambda", region: @region, credentials: @credentials)
           when 'dynamodb'
-            stream = MU::Cloud::AWS.dynamostream(region: @config['region'], credentials: @config['credentials']).list_streams(table_name: trig_arn.sub(/.*?:table\//, '')).streams.first
+            stream = MU::Cloud::AWS.dynamostream(region: @region, credentials: @credentials).list_streams(table_name: trig_arn.sub(/.*?:table\//, '')).streams.first
 # XXX  guard this
             MU.log "Adding DynamoDB Stream from #{stream.stream_arn} as trigger for #{@cloud_id}"
             begin
-            MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).create_event_source_mapping(
+            MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).create_event_source_mapping(
               event_source_arn: stream.stream_arn,
               function_name: @cloud_id,
               starting_position: "TRIM_HORIZON" # ...whatever that is
@@ -224,10 +227,10 @@ module MU
             rescue ::Aws::Lambda::Errors::ResourceConflictException
             end
             
-#            MU::Cloud.resourceClass("AWS", "NoSQLDB").subscribe(trig_arn, arn, "lambda", region: @config['region'], credentials: @credentials)
+#            MU::Cloud.resourceClass("AWS", "NoSQLDB").subscribe(trig_arn, arn, "lambda", region: @region, credentials: @credentials)
           when 'event','cloudwatch_event', 'events'
            # XXX don't do this, use MU::Cloud::AWS::Log
-            MU::Cloud::AWS.cloudwatch_events(region: region, credentials: @config['credentials']).put_targets({
+            MU::Cloud::AWS.cloudwatch_events(region: region, credentials: @credentials).put_targets({
               rule: @config['trigger']['name'],
               targets: [
                 {
@@ -314,9 +317,9 @@ module MU
         def toKitten(**_args)
           bok = {
             "cloud" => "AWS",
-            "credentials" => @config['credentials'],
+            "credentials" => @credentials,
             "cloud_id" => @cloud_id,
-            "region" => @config['region']
+            "region" => @region
           }
 
           if !cloud_desc
@@ -330,20 +333,20 @@ module MU
           bok['runtime'] = cloud_desc.runtime
           bok['timeout'] = cloud_desc.timeout
 
-          function = MU::Cloud::AWS.lambda(region: @config['region'], credentials: @credentials).get_function(function_name: bok['name'])
-#          event_srcs = MU::Cloud::AWS.lambda(region: @config['region'], credentials: @credentials).list_event_source_mappings(function_name: @cloud_id)
+          function = MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).get_function(function_name: bok['name'])
+#          event_srcs = MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).list_event_source_mappings(function_name: @cloud_id)
 #          if event_srcs and !event_srcs.event_source_mappings.empty?
 #            MU.log "dem mappings tho #{@cloud_id}", MU::WARN, details: event_srcs
 #          end
 
 #          begin
-#            invoke_cfg = MU::Cloud::AWS.lambda(region: @config['region'], credentials: @credentials).get_function_event_invoke_config(function_name: @cloud_id)
+#            invoke_cfg = MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).get_function_event_invoke_config(function_name: @cloud_id)
 #            MU.log "invoke config #{@cloud_id}", MU::WARN, details: invoke_cfg
 #          rescue ::Aws::Lambda::Errors::ResourceNotFoundException
 #          end
 
 #          MU.log @cloud_id, MU::WARN, details: cloud_desc if @cloud_id == "Espier-Scheduled-Scanner"
-#          MU.log "configuration #{@cloud_id}", MU::WARN, details: MU::Cloud::AWS.lambda(region: @config['region'], credentials: @credentials).get_function_configuration(function_name: @cloud_id) if @cloud_id == "Espier-Scheduled-Scanner"
+#          MU.log "configuration #{@cloud_id}", MU::WARN, details: MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).get_function_configuration(function_name: @cloud_id) if @cloud_id == "Espier-Scheduled-Scanner"
 
 
           if function.code.repository_type == "S3"
@@ -412,7 +415,7 @@ module MU
           end
 
           begin
-            pol = MU::Cloud::AWS.lambda(region: @config['region'], credentials: @credentials).get_policy(function_name: @cloud_id).policy
+            pol = MU::Cloud::AWS.lambda(region: @region, credentials: @credentials).get_policy(function_name: @cloud_id).policy
 MU.log @cloud_id, MU::WARN, details: JSON.parse(pol) if @cloud_id == "ESPIER-DEV-2020080900-LN-ON-DEMAND-SCANNER"
             if pol
               bok['triggers'] ||= []
@@ -539,7 +542,7 @@ MU.log @cloud_id, MU::WARN, details: JSON.parse(pol) if @cloud_id == "ESPIER-DEV
               end
 
               if mu_type
-                MU::Config.addDependency(function, t['name'], mu_type, no_create_wait: true)
+                MU::Config.addDependency(function, t['name'], mu_type, my_phase: "groom")
               end
             }
           end
@@ -705,7 +708,7 @@ MU.log @cloud_id, MU::WARN, details: JSON.parse(pol) if @cloud_id == "ESPIER-DEV
           }
           if @config['tags']
             @config['tags'].each { |tag|
-              lambda_properties[:tags][tag.key.first] = tag.values.first
+              lambda_properties[:tags][tag['key']] = tag['value']
             }
           end
 

data/modules/mu/providers/aws/group.rb

@@ -32,7 +32,7 @@ module MU
         # Called automatically by {MU::Deploy#createResources}
         def create
           begin
-            MU::Cloud::AWS.iam(credentials: @config['credentials']).get_group(
+            MU::Cloud::AWS.iam(credentials: @credentials).get_group(
               group_name: @mu_name,
               path: @config['path']
             )
@@ -42,7 +42,7 @@ module MU
           rescue Aws::IAM::Errors::NoSuchEntity
             @config['path'] ||= "/"+@deploy.deploy_id+"/"
             MU.log "Creating IAM group #{@config['path']}#{@mu_name}"
-            MU::Cloud::AWS.iam(credentials: @config['credentials']).create_group(
+            MU::Cloud::AWS.iam(credentials: @credentials).create_group(
               group_name: @mu_name,
               path: @config['path']
             )
@@ -64,7 +64,7 @@ module MU
               if found.size == 1
                 userdesc = found.values.first
                 MU.log "Adding IAM user #{userdesc.path}#{userdesc.user_name} to group #{@mu_name}", MU::NOTICE
-                MU::Cloud::AWS.iam(credentials: @config['credentials']).add_user_to_group(
+                MU::Cloud::AWS.iam(credentials: @credentials).add_user_to_group(
                   user_name: userid,
                   group_name: @mu_name
                 )
@@ -77,7 +77,7 @@ module MU
               extras = cloud_desc.users.map { |u| u.user_name } - @config['members']
               extras.each { |user_name|
                 MU.log "Purging user #{user_name} from IAM group #{@cloud_id}", MU::NOTICE
-                MU::Cloud::AWS.iam(credentials: @config['credentials']).remove_user_from_group(
+                MU::Cloud::AWS.iam(credentials: @credentials).remove_user_from_group(
                   user_name: user_name,
                   group_name: @cloud_id
                 )
@@ -156,7 +156,7 @@ module MU
         def cloud_desc(use_cache: true)
           return @cloud_desc_cache if @cloud_desc_cache and use_cache
           return nil if !@mu_name
-          @cloud_desc_cache = MU::Cloud::AWS.iam(credentials: @config['credentials']).get_group(
+          @cloud_desc_cache = MU::Cloud::AWS.iam(credentials: @credentials).get_group(
             group_name: @mu_name
           )
           @cloud_desc_cache
@@ -267,7 +267,7 @@ module MU
         def toKitten(**_args)
           bok = {
             "cloud" => "AWS",
-            "credentials" => @config['credentials'],
+            "credentials" => @credentials,
             "cloud_id" => @cloud_id
           }
 
@@ -292,7 +292,7 @@ module MU
           if resp and resp.policy_names and resp.policy_names.size > 0
             resp.policy_names.each { |pol_name|
               pol = MU::Cloud::AWS.iam(credentials: @credentials).get_group_policy(group_name: @cloud_id, policy_name: pol_name)
-              doc = JSON.parse(URI.decode(pol.policy_document))
+              doc = JSON.parse(CGI.unescape(pol.policy_document))
               bok["inline_policies"] = MU::Cloud.resourceClass("AWS", "Role").doc2MuPolicies(pol.policy_name, doc, bok["inline_policies"])
             }
           end

data/modules/mu/providers/aws/habitat.rb

@@ -34,7 +34,7 @@ module MU
           end
 
           MU.log "Creating AWS account #{@mu_name} with contact email #{@config['email']}"
-          resp = MU::Cloud::AWS.orgs(credentials: @config['credentials']).create_account(
+          resp = MU::Cloud::AWS.orgs(credentials: @credentials).create_account(
             account_name: @mu_name,
             email: @config['email']
           )
@@ -42,7 +42,7 @@ module MU
           createid = resp.create_account_status.id
 
           begin
-            resp = MU::Cloud::AWS.orgs(credentials: @config['credentials']).describe_create_account_status(
+            resp = MU::Cloud::AWS.orgs(credentials: @credentials).describe_create_account_status(
               create_account_request_id: createid
             )
             if !["SUCCEEDED", "IN_PROGRESS"].include?(resp.create_account_status.state)

data/modules/mu/providers/aws/job.rb

@@ -33,7 +33,7 @@ module MU
 
           MU.log "Creating CloudWatch Event #{@mu_name}", MU::NOTICE, details: params
 
-          MU::Cloud::AWS.cloudwatchevents(region: @config['region'], credentials: @credentials).put_rule(params)
+          MU::Cloud::AWS.cloudwatchevents(region: @region, credentials: @credentials).put_rule(params)
         end
 
         # Called automatically by {MU::Deploy#createResources}
@@ -50,43 +50,46 @@ module MU
 
           if params.size > 0
             MU.log "Updating CloudWatch Event #{@cloud_id}", MU::NOTICE, details: params
-            MU::Cloud::AWS.cloudwatchevents(region: @config['region'], credentials: @credentials).put_rule(new_props)
+            MU::Cloud::AWS.cloudwatchevents(region: @region, credentials: @credentials).put_rule(new_props)
           end
 
           if @config['targets']
             target_params = []
             @config['targets'].each { |t|
               MU.retrier([MuNonFatal], max:5, wait: 9) {
-              target_ref = MU::Config::Ref.get(t)
-              target_obj = target_ref.kitten(cloud: "AWS")
-              this_target = if target_ref.is_mu_type? and target_obj and
-                               !target_obj.arn.nil?
-                {
-                  id: target_obj.cloud_id,
-                  arn: target_obj.arn
-                }
-              elsif target_ref.id and target_ref.id.match(/^arn:/)
-                {
-                  id: target_ref.id || target_ref.name,
-                  arn: target_ref.id
-                }
-              else
-                raise MuNonFatal.new "Failed to retrieve ARN from CLoudWatch Event target descriptor", details: target_ref.to_h
-              end
-              if t['role']
-                role_obj = MU::Config::Ref.get(t['role']).kitten(@deploy, cloud: "AWS")
-                  raise MuError.new "Failed to fetch object from role reference", details: t['role'].to_h if !role_obj
-                  params[:role_arn] = role_obj.arn
-              end
-              [:input, :input_path, :input_transformer, :kinesis_parameters, :run_command_parameters, :batch_parameters, :sqs_parameters, :ecs_parameters].each { |attr|
-                if t[attr.to_s]
-                  this_target[attr] = MU.structToHash(t[attr.to_s])
+                target_ref = MU::Config::Ref.get(t)
+                target_obj = target_ref.kitten(@deploy, cloud: "AWS")
+                this_target = if target_ref.is_mu_type? and target_obj and
+                                 !target_obj.arn.nil?
+                  if target_ref.type == "functions"
+                    target_obj.addTrigger(arn, "events", @mu_name)
+                  end
+                  {
+                    id: target_obj.cloud_id,
+                    arn: target_obj.arn
+                  }
+                elsif target_ref.id and target_ref.id.match(/^arn:/)
+                  {
+                    id: target_ref.id || target_ref.name,
+                    arn: target_ref.id
+                  }
+                else
+                  raise MuNonFatal.new "Failed to retrieve ARN from CLoudWatch Event target descriptor", details: target_ref.to_h
                 end
-              }
-              target_params << this_target
+                if t['role']
+                  role_obj = MU::Config::Ref.get(t['role']).kitten(@deploy, cloud: "AWS")
+                    raise MuError.new "Failed to fetch object from role reference", details: t['role'].to_h if !role_obj
+                    params[:role_arn] = role_obj.arn
+                end
+                [:input, :input_path, :input_transformer, :kinesis_parameters, :run_command_parameters, :batch_parameters, :sqs_parameters, :ecs_parameters].each { |attr|
+                  if t[attr.to_s]
+                    this_target[attr] = MU.structToHash(t[attr.to_s])
+                  end
+                }
+                target_params << this_target
               }
             }
-            MU::Cloud::AWS.cloudwatchevents(region: @config['region'], credentials: @credentials).put_targets(
+            MU::Cloud::AWS.cloudwatchevents(region: @region, credentials: @credentials).put_targets(
               rule: @cloud_id,
               event_bus_name: cloud_desc.event_bus_name,
               targets: target_params
@@ -173,9 +176,9 @@ module MU
         def toKitten(**_args)
           bok = {
             "cloud" => "AWS",
-            "credentials" => @config['credentials'],
+            "credentials" => @credentials,
             "cloud_id" => @cloud_id,
-            "region" => @config['region']
+            "region" => @region
           }
 
           if !cloud_desc
@@ -214,7 +217,7 @@ module MU
             )
           end
 
-          targets = MU::Cloud::AWS.cloudwatchevents(region: @config['region'], credentials: @credentials).list_targets_by_rule(
+          targets = MU::Cloud::AWS.cloudwatchevents(region: @region, credentials: @credentials).list_targets_by_rule(
             rule: @cloud_id,
             event_bus_name: cloud_desc.event_bus_name
           ).targets

data/modules/mu/providers/aws/loadbalancer.rb

@@ -41,8 +41,8 @@ module MU
         # Called automatically by {MU::Deploy#createResources}
         def create
           if @config["zones"] == nil
-            @config["zones"] = MU::Cloud::AWS.listAZs(region: @config['region'])
-            MU.log "Using zones from #{@config['region']}", MU::DEBUG, details: @config['zones']
+            @config["zones"] = MU::Cloud::AWS.listAZs(region: @region)
+            MU.log "Using zones from #{@region}", MU::DEBUG, details: @config['zones']
           end
 
           lb_options = {
@@ -122,15 +122,15 @@ module MU
           begin
             if @config['classic']
               MU.log "Creating Elastic Load Balancer #{@mu_name}", details: lb_options
-              lb = MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_load_balancer(lb_options)
+              lb = MU::Cloud::AWS.elb(region: @region, credentials: @credentials).create_load_balancer(lb_options)
             else
               MU.log "Creating Application Load Balancer #{@mu_name}", details: lb_options
-              lb = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_load_balancer(lb_options).load_balancers.first
+              lb = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).create_load_balancer(lb_options).load_balancers.first
               begin
                 if lb.state.code != "active"
                   MU.log "Waiting for ALB #{@mu_name} to enter 'active' state", MU::NOTICE
                   sleep 20
-                  lb = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
+                  lb = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_load_balancers(
                     names: [@mu_name]
                   ).load_balancers.first
                 end
@@ -170,7 +170,7 @@ module MU
           if zones_to_try.size < @config["zones"].size
             zones_to_try.each { |zone|
               begin
-                MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).enable_availability_zones_for_load_balancer(
+                MU::Cloud::AWS.elb(region: @region, credentials: @credentials).enable_availability_zones_for_load_balancer(
                   load_balancer_name: @mu_name,
                   availability_zones: [zone]
                 )
@@ -183,7 +183,7 @@ module MU
           @targetgroups = {}
           if !@config['healthcheck'].nil? and @config['classic']
             MU.log "Configuring custom health check for ELB #{@mu_name}", details: @config['healthcheck']
-            MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).configure_health_check(
+            MU::Cloud::AWS.elb(region: @region, credentials: @credentials).configure_health_check(
                 load_balancer_name: @mu_name,
                 health_check: {
                     target: @config['healthcheck']['target'],
@@ -229,9 +229,9 @@ module MU
                   end
                 end
 
-                tg_resp = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_target_group(tg_descriptor)
+                tg_resp = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).create_target_group(tg_descriptor)
                 @targetgroups[tg['name']] = tg_resp.target_groups.first
-                MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).add_tags(
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).add_tags(
                   resource_arns: [tg_resp.target_groups.first.target_group_arn],
                   tags: lb_options[:tags]
                 )
@@ -285,7 +285,7 @@ module MU
                   "ELBSecurityPolicy-TLS-1-2-2017-01"
                 end
               end
-              listen_resp = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_listener(listen_descriptor).listeners.first
+              listen_resp = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).create_listener(listen_descriptor).listeners.first
               if !l['rules'].nil?
                 l['rules'].each { |rule|
                   rule_descriptor = {
@@ -307,14 +307,14 @@ module MU
                       }
                     end
                   }
-                  MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_rule(rule_descriptor)
+                  MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).create_rule(rule_descriptor)
                 }
               end
             }
           else
             @config["listeners"].each { |l|
               if l['ssl_certificate_id']
-                MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(
+                MU::Cloud::AWS.elb(region: @region, credentials: @credentials).set_load_balancer_policies_of_listener(
                   load_balancer_name: @cloud_id, 
                   load_balancer_port: l['lb_port'], 
                   policy_names: [
@@ -347,7 +347,7 @@ module MU
           if @config['cross_zone_unstickiness'] 
             MU.log "Enabling cross-zone un-stickiness on #{lb.dns_name}"
             if @config['classic']
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_name: @mu_name,
                 load_balancer_attributes: {
                   cross_zone_load_balancing: {
@@ -357,7 +357,7 @@ module MU
               )
             else
               @targetgroups.values.each { |tg|
-                MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_target_group_attributes(
                   target_group_arn: tg.target_group_arn,
                   attributes: [
                     {
@@ -373,7 +373,7 @@ module MU
           if !@config['idle_timeout'].nil?
             MU.log "Setting idle timeout to #{@config['idle_timeout']} #{lb.dns_name}"
             if @config['classic']
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_name: @mu_name,
                 load_balancer_attributes: {
                   connection_settings: {
@@ -382,7 +382,7 @@ module MU
                 }
               )
             else
-              MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_arn: lb.load_balancer_arn,
                 attributes: [
                   {
@@ -398,7 +398,7 @@ module MU
             if @config['classic']
               if @config['connection_draining_timeout'] >= 0
                 MU.log "Setting connection draining timeout to #{@config['connection_draining_timeout']} on #{lb.dns_name}"
-                MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+                MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                     load_balancer_name: @mu_name,
                     load_balancer_attributes: {
                         connection_draining: {
@@ -409,7 +409,7 @@ module MU
                 )
               else
                 MU.log "Disabling connection draining on #{lb.dns_name}"
-                MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+                MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                     load_balancer_name: @mu_name,
                     load_balancer_attributes: {
                         connection_draining: {
@@ -427,7 +427,7 @@ module MU
                 MU.log "Disabling connection draining on #{lb.dns_name}"
               end
               @targetgroups.values.each { |tg|
-                MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_target_group_attributes(
                   target_group_arn: tg.target_group_arn,
                   attributes: [
                     {
@@ -443,7 +443,7 @@ module MU
           if !@config['access_log'].nil?
             MU.log "Setting access log params for #{lb.dns_name}", details: @config['access_log']
             if @config['classic']
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_name: @mu_name,
                 load_balancer_attributes: {
                   access_log: {
@@ -455,7 +455,7 @@ module MU
                 }
               )
             else
-              MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
+              MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_load_balancer_attributes(
                 load_balancer_arn: lb.load_balancer_arn,
                 attributes: [
                   {
@@ -485,7 +485,7 @@ module MU
               if !@config['lb_cookie_stickiness_policy']['timeout'].nil?
                 cookie_policy[:cookie_expiration_period] = @config['lb_cookie_stickiness_policy']['timeout']
               end
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_lb_cookie_stickiness_policy(cookie_policy)
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).create_lb_cookie_stickiness_policy(cookie_policy)
               lb_policy_names = Array.new
               lb_policy_names << @config['lb_cookie_stickiness_policy']['name']
               listener_policy = {
@@ -495,12 +495,12 @@ module MU
               lb_options[:listeners].each do |listener|
                 if listener[:protocol].upcase == 'HTTP' or listener[:protocol].upcase == 'HTTPS'
                   listener_policy[:load_balancer_port] = listener[:load_balancer_port]
-                  MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(listener_policy)
+                  MU::Cloud::AWS.elb(region: @region, credentials: @credentials).set_load_balancer_policies_of_listener(listener_policy)
                 end
               end
             else
               @targetgroups.values.each { |tg|
-                MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).modify_target_group_attributes(
                   target_group_arn: tg.target_group_arn,
                   attributes: [
                     {
@@ -529,7 +529,7 @@ module MU
                 policy_name: @config['app_cookie_stickiness_policy']['name'],
                 cookie_name: @config['app_cookie_stickiness_policy']['cookie']
               }
-              MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_app_cookie_stickiness_policy(cookie_policy)
+              MU::Cloud::AWS.elb(region: @region, credentials: @credentials).create_app_cookie_stickiness_policy(cookie_policy)
               lb_policy_names = Array.new
               lb_policy_names << @config['app_cookie_stickiness_policy']['name']
               listener_policy = {
@@ -539,7 +539,7 @@ module MU
               lb_options[:listeners].each do |listener|
                 if listener[:protocol].upcase == 'HTTP' or listener[:protocol].upcase == 'HTTPS'
                   listener_policy[:load_balancer_port] = listener[:load_balancer_port]
-                  MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(listener_policy)
+                  MU::Cloud::AWS.elb(region: @region, credentials: @credentials).set_load_balancer_policies_of_listener(listener_policy)
                 end
               end
             else
@@ -573,7 +573,7 @@ module MU
         # @return [String]
         def arn
           if @config['classic']
-            "arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":elasticloadbalancing:"+@config['region']+":"+MU::Cloud::AWS.credToAcct(@config['credentials'])+":loadbalancer/"+@cloud_id
+            "arn:"+(MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws")+":elasticloadbalancing:"+@region+":"+MU::Cloud::AWS.credToAcct(@credentials)+":loadbalancer/"+@cloud_id
           else
             cloud_desc.load_balancer_arn
           end
@@ -585,21 +585,42 @@ module MU
           return @cloud_desc_cache if @cloud_desc_cache and use_cache
           return nil if !@cloud_id
           if @config['classic']
-            @cloud_desc_cache = MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
+            @cloud_desc_cache = MU::Cloud::AWS.elb(region: @region, credentials: @credentials).describe_load_balancers(
               load_balancer_names: [@cloud_id]
             ).load_balancer_descriptions.first
             return @cloud_desc_cache
           else
-            @cloud_desc_cache = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
+            @cloud_desc_cache = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_load_balancers(
               names: [@cloud_id]
             ).load_balancers.first
-            if @targetgroups.nil? and !@deploy.nil? and
-                @deploy.deployment['loadbalancers'].has_key?(@config['name']) and
-                @deploy.deployment['loadbalancers'][@config['name']].has_key?("targetgroups")
+            if @targetgroups.nil? 
               @targetgroups = {}
-              @deploy.deployment['loadbalancers'][@config['name']]["targetgroups"].each_pair { |tg_name, tg_arn|
-                @targetgroups[tg_name] = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_target_groups(target_group_arns: [tg_arn]).target_groups.first
-              }
+              if !@deploy.nil? and
+                 @deploy.deployment['loadbalancers'] and
+                 @deploy.deployment['loadbalancers'][@config['name']] and
+                 @deploy.deployment['loadbalancers'][@config['name']]["targetgroups"]
+                @deploy.deployment['loadbalancers'][@config['name']]["targetgroups"].each_pair { |tg_name, tg_arn|
+                  @targetgroups[tg_name] = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_target_groups(target_group_arns: [tg_arn]).target_groups.first
+                }
+              else
+                pp @config['targetgroups']
+                MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_target_groups(load_balancer_arn: @cloud_desc_cache.load_balancer_arn).target_groups.each { |tg|
+                  tg_name = tg.target_group_name
+                  if @config['targetgroups']
+                    @config['targetgroups'].each { |tg_cfg|
+                      if tg_name = @deploy.getResourceName(tg_cfg["name"], max_length: 32, disallowed_chars: /[^A-Za-z0-9-]/)
+                        tg_name = tg_cfg['name']
+                        break
+                      end
+                    }
+                  end
+                  @targetgroups[tg_name] = tg
+                }
+#                @config['targetgroups'].each { |tg|
+#                  tg_name = @deploy.getResourceName(tg["name"], max_length: 32, disallowed_chars: /[^A-Za-z0-9-]/)
+#                  @targetgroups[tg_name] = MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).describe_target_groups(target_group_arns: [tg_arn]).target_groups.first
+#                }
+              end
             end
 
             return @cloud_desc_cache
@@ -628,7 +649,7 @@ module MU
         def registerNode(instance_id, targetgroups: nil)
           if @config['classic'] or !@config.has_key?("classic")
             MU.log "Registering #{instance_id} to ELB #{@cloud_id}"
-            MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).register_instances_with_load_balancer(
+            MU::Cloud::AWS.elb(region: @region, credentials: @credentials).register_instances_with_load_balancer(
               load_balancer_name: @cloud_id,
               instances: [
                 {instance_id: instance_id}
@@ -644,7 +665,7 @@ module MU
             end
             targetgroups.each { |tg|
               MU.log "Registering #{instance_id} to Target Group #{tg}"
-              MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).register_targets(
+              MU::Cloud::AWS.elb2(region: @region, credentials: @credentials).register_targets(
                 target_group_arn: @targetgroups[tg].target_group_arn,
                 targets: [
                   {id: instance_id}