cumulus-aws 0.11.1

data/lib/ec2/IPProtocolMapping.rb

@@ -0,0 +1,165 @@
+module Cumulus
+  module EC2
+    class IPProtocolMapping
+      @@protocol_keyword = Hash[{
+        "-1" => "all",
+        "0" => "HOPOPT",
+        "1" => "ICMP",
+        "2" => "IGMP",
+        "3" => "GGP",
+        "4" => "IP-in-IP",
+        "5" => "ST",
+        "6" => "TCP",
+        "7" => "CBT",
+        "8" => "EGP",
+        "9" => "IGP",
+        "10" => "BBN-RCC-MON",
+        "11" => "NVP-II",
+        "12" => "PUP",
+        "13" => "ARGUS",
+        "14" => "EMCON",
+        "15" => "XNET",
+        "16" => "CHAOS",
+        "17" => "UDP",
+        "18" => "MUX",
+        "19" => "DCN-MEAS",
+        "20" => "HMP",
+        "21" => "PRM",
+        "22" => "XNS-IDP",
+        "23" => "TRUNK-1",
+        "24" => "TRUNK-2",
+        "25" => "LEAF-1",
+        "26" => "LEAF-2",
+        "27" => "RDP",
+        "28" => "IRTP",
+        "29" => "ISO-TP4",
+        "30" => "NETBLT",
+        "31" => "MFE-NSP",
+        "32" => "MERIT-INP",
+        "33" => "DCCP",
+        "34" => "3PC",
+        "35" => "IDPR",
+        "36" => "XTP",
+        "37" => "DDP",
+        "38" => "IDPR-CMTP",
+        "39" => "TP++",
+        "40" => "IL",
+        "41" => "IPv6",
+        "42" => "SDRP",
+        "43" => "IPv6-Route",
+        "44" => "IPv6-Frag",
+        "45" => "IDRP",
+        "46" => "RSVP",
+        "47" => "GRE",
+        "48" => "MHRP",
+        "49" => "BNA",
+        "50" => "ESP",
+        "51" => "AH",
+        "52" => "I-NLSP",
+        "53" => "SWIPE",
+        "54" => "NARP",
+        "55" => "MOBILE",
+        "56" => "TLSP",
+        "57" => "SKIP",
+        "58" => "IPv6-ICMP",
+        "59" => "IPv6-NoNxt",
+        "60" => "IPv6-Opts",
+        "61" => "61",
+        "62" => "CFTP",
+        "63" => "63",
+        "64" => "SAT-EXPAK",
+        "65" => "KRYPTOLAN",
+        "66" => "RVD",
+        "67" => "IPPC",
+        "68" => "68",
+        "69" => "SAT-MON",
+        "70" => "VISA",
+        "71" => "IPCU",
+        "72" => "CPNX",
+        "73" => "CPHB",
+        "74" => "WSN",
+        "75" => "PVP",
+        "76" => "BR-SAT-MON",
+        "77" => "SUN-ND",
+        "78" => "WB-MON",
+        "79" => "WB-EXPAK",
+        "80" => "ISO-IP",
+        "81" => "VMTP",
+        "82" => "SECURE-VMTP",
+        "83" => "VINES",
+        "85" => "NSFNET-IGP",
+        "86" => "DGP",
+        "87" => "TCF",
+        "88" => "EIGRP",
+        "89" => "OSPF",
+        "90" => "Sprite-RPC",
+        "91" => "LARP",
+        "92" => "MTP",
+        "93" => "AX.25",
+        "94" => "IPIP",
+        "95" => "MICP",
+        "96" => "SCC-SP",
+        "97" => "ETHERIP",
+        "98" => "ENCAP",
+        "99" => "99",
+        "100" => "GMTP",
+        "101" => "IFMP",
+        "102" => "PNNI",
+        "103" => "PIM",
+        "104" => "ARIS",
+        "105" => "SCPS",
+        "106" => "QNX",
+        "107" => "A/N",
+        "108" => "IPComp",
+        "109" => "SNP",
+        "110" => "Compaq-Peer",
+        "111" => "IPX-in-IP",
+        "112" => "VRRP",
+        "113" => "PGM",
+        "114" => "114",
+        "115" => "L2TP",
+        "116" => "DDX",
+        "117" => "IATP",
+        "118" => "STP",
+        "119" => "SRP",
+        "120" => "UTI",
+        "121" => "SMP",
+        "122" => "SM",
+        "123" => "PTP",
+        "124" => "IS-IS over IPv4",
+        "125" => "FIRE",
+        "126" => "CRTP",
+        "127" => "CRUDP",
+        "128" => "SSCOPMCE",
+        "129" => "IPLT",
+        "130" => "SPS",
+        "131" => "PIPE",
+        "132" => "SCTP",
+        "133" => "FC",
+        "134" => "RSVP-E2E-IGNORE",
+        "135" => "Mobility Header",
+        "136" => "UDPLite",
+        "137" => "MPLS-in-IP",
+        "138" => "manet",
+        "139" => "HIP",
+        "140" => "Shim6",
+        "141" => "WESP",
+        "142" => "ROHC"
+      }.map { |protocol, keyword| [protocol, keyword.downcase] }]
+
+      @@keyword_protocol = @@protocol_keyword.invert
+
+      @@special_cases = {
+        "84" => ["ttp", "iptm"]
+      }
+
+      def self.keyword(protocol)
+        @@protocol_keyword[protocol] || @@special_cases[protocol].first
+      end
+
+      def self.protocol(keyword)
+        @@keyword_protocol[keyword.downcase] || @@special_cases.select { |k, v| v.include? keyword.downcase }.map { |k, _| k }.first
+      end
+    end
+  end
+end

data/lib/ec2/loaders/EbsLoader.rb

@@ -0,0 +1,19 @@
+require "common/BaseLoader"
+require "conf/Configuration"
+require "ec2/models/EbsGroupConfig"
+
+module Cumulus
+  module EC2
+    module EbsLoader
+
+      include Common::BaseLoader
+
+      @@groups_dir = Configuration.instance.ec2.ebs_directory
+
+      def self.groups
+        Common::BaseLoader::resources(@@groups_dir, &EbsGroupConfig.method(:new))
+      end
+
+    end
+  end
+end

data/lib/ec2/loaders/InstanceLoader.rb

@@ -0,0 +1,32 @@
+require "common/BaseLoader"
+require "conf/Configuration"
+
+require "base64"
+
+module Cumulus
+  module EC2
+    module InstanceLoader
+
+      include Common::BaseLoader
+
+      @@instances_dir = Configuration.instance.ec2.instances_directory
+      @@user_data_dir = Configuration.instance.ec2.user_data_directory
+
+      def self.instances
+        Common::BaseLoader::resources(@@instances_dir, &InstanceConfig.method(:new))
+      end
+
+      def self.user_data(file)
+        Common::BaseLoader::load_file(file, @@user_data_dir)
+      end
+
+      # Public: Returns a Hash of user data file name to base64 of its contents.
+      def self.user_data_base64
+        @user_data_base64 ||= Hash[Common::BaseLoader::resources(@@user_data_dir, false, &Proc.new do |name, contents|
+          [name, Base64.encode64(contents)]
+        end)]
+      end
+
+    end
+  end
+end

data/lib/ec2/managers/EbsManager.rb

@@ -0,0 +1,176 @@
+require "common/manager/Manager"
+require "conf/Configuration"
+require "ec2/EC2"
+require "ec2/loaders/EbsLoader"
+require "ec2/models/EbsGroupConfig"
+require "ec2/models/EbsGroupDiff"
+require "util/StatusCodes"
+
+require "aws-sdk"
+
+module Cumulus
+  module EC2
+    class EbsManager < Common::Manager
+
+      def initialize
+        super()
+        @create_asset = true
+        @client = Aws::EC2::Client.new(Configuration.instance.client)
+      end
+
+      def resource_name
+        "EBS Volume Group"
+      end
+
+      def local_resources
+        @local_resources ||= Hash[EbsLoader.groups.map { |local| [local.name, local] }]
+      end
+
+      def aws_resources
+        @aws_resources ||= EC2::group_ebs_volumes
+      end
+
+      def unmanaged_diff(aws)
+        EbsGroupDiff.unmanaged(aws)
+      end
+
+      def added_diff(local)
+        EbsGroupDiff.added(local)
+      end
+
+      def diff_resource(local, aws)
+        local.diff(aws)
+      end
+
+      EbsMigrationData = Struct.new(:cumulus_group, :set_group_vols)
+      def migrate
+        puts Colors.blue("Migrating EBS Volume Groups...")
+
+        # Create the directories
+        ec2_dir = "#{@migration_root}/ec2"
+        ebs_dir = "#{ec2_dir}/ebs"
+
+        if !Dir.exists?(@migration_root)
+          Dir.mkdir(@migration_root)
+        end
+        if !Dir.exists?(ec2_dir)
+          Dir.mkdir(ec2_dir)
+        end
+        if !Dir.exists?(ebs_dir)
+          Dir.mkdir(ebs_dir)
+        end
+
+        puts "Would you like Cumulus to automatically update your volumes to have a Group tag that matches the name of the instance they are attached to? (y/n)"
+        update_tags = (STDIN.getc.downcase[0] == "y")
+
+        # Migrate any volumes that have already been grouped
+        vol_groups = Hash[EC2.group_ebs_volumes.map { |group_name, cumulus_group| [group_name, EbsMigrationData.new(cumulus_group, nil)] }]
+
+        # Use the instance name to group volumes if they do not have a group.  Anything
+        # not attached should not get migrated
+        migratable_vols = EC2.ebs_volumes.select { |vol| vol.group.nil? and !vol.attachments.empty? and vol.attached? }
+        instance_grouped = migratable_vols.group_by do |vol|
+          attachments = vol.attachments.select { |att| att.state == "attached" || att.state == "attaching" }
+          attachments.first.instance_id
+        end
+
+        instance_grouped.each do |instance_id, vols|
+          instance_name = EC2.id_instances[instance_id].name || instance_id
+          vol_groups[instance_name] = EbsMigrationData.new(EbsGroupConfig.new(instance_name).populate!(vols), vols)
+        end
+
+        vol_groups.each do |group_name, data|
+          puts "Migrating group #{group_name}"
+
+          if update_tags and data.set_group_vols
+            data.set_group_vols.each do |vol|
+              if vol.group.nil?
+                set_group_name(vol.volume_id, group_name)
+              end
+            end
+          end
+
+          json = JSON.pretty_generate(data.cumulus_group.to_hash)
+          File.open("#{ebs_dir}/#{group_name}.json", "w") { |f| f.write(json) }
+        end
+
+      end
+
+      def create(local)
+        local.volume_groups.each do |vg|
+          vg.count.times do
+            create_volume(vg, local.availability_zone, local.name)
+          end
+        end
+      end
+
+      def update(local, diffs)
+
+        # If they tried to update AZ, use the old value
+        availability_zone = (diffs.select { |d| d.type == EbsGroupChange::AZ }.first.aws rescue local.availability_zone)
+
+        diffs.each do |diff|
+          case diff.type
+          when EbsGroupChange::AZ
+            puts Colors.blue("Availability zone cannot be updated")
+          when EbsGroupChange::VG_REMOVED
+            puts Colors.blue("Cumulus does not delete or detach volumes. Manually update #{diff.local.description}")
+          when EbsGroupChange::VG_ADDED
+            added_vg = diff.local
+            puts Colors.blue("Creating #{added_vg.count} x #{added_vg.description}...")
+            added_vg.count.times do
+              create_volume(added_vg, availability_zone, local.name)
+            end
+          when EbsGroupChange::VG_COUNT
+            if diff.local.count < diff.aws.count
+              puts Colors.blue("Cumulus will not delete or detach volumes. Manually update #{diff.local.description}")
+            else
+              num_added = diff.local.count - diff.aws.count
+              puts Colors.blue("Adding #{num_added} x #{diff.local.description}...")
+              num_added.times do
+                create_volume(diff.local, availability_zone, local.name)
+              end
+            end
+          end
+        end
+      end
+
+      private
+
+      # Internal: Sets the Group tag for an ebs volume
+      def set_group_name(volume_id, group_name)
+        @client.create_tags({
+          resources: [volume_id],
+          tags: [
+            {
+              key: "Group",
+              value: group_name
+            }
+          ]
+        })
+      end
+
+      # Internal: Creates a volume then sets the group name
+      #
+      # vg - the VolumeGroup config to use for volume attributes
+      # az - the availability zone to create the volume in
+      # group_name - the name of the group the volume belongs to
+      def create_volume(vg, az, group_name)
+        resp = @client.create_volume({
+          size: vg.size,
+          availability_zone: az,
+          volume_type: vg.type,
+          iops: vg.iops,
+          encrypted: vg.encrypted,
+          kms_key_id: vg.kms_key
+        })
+
+        set_group_name(resp.volume_id, group_name)
+      rescue => e
+        puts "Failed to create a volume of #{vg.description}: #{e}"
+        exit StatusCodes::EXCEPTION
+      end
+
+    end
+  end
+end

data/lib/ec2/managers/InstanceManager.rb

@@ -0,0 +1,509 @@
+require "autoscaling/AutoScaling"
+require "common/manager/Manager"
+require "conf/Configuration"
+require "ec2/EC2"
+require "ec2/loaders/InstanceLoader"
+require "ec2/models/InstanceConfig"
+require "ec2/models/InstanceDiff"
+require "iam/IAM"
+require "util/StatusCodes"
+
+require "aws-sdk"
+require "base64"
+
+module Cumulus
+  module EC2
+    class InstanceManager < Common::Manager
+
+      def initialize
+        super()
+        @create_asset = true
+        @client = Aws::EC2::Client.new(Configuration.instance.client)
+        @device_name_base = Configuration.instance.ec2.volume_mount_base
+        @device_name_start = Configuration.instance.ec2.volume_mount_start
+        @device_name_end = Configuration.instance.ec2.volume_mount_end
+      end
+
+      def resource_name
+        "EC2 Instance"
+      end
+
+      def local_resources
+        @local_resources ||= Hash[InstanceLoader.instances.map { |local| [local.name, local] }]
+      end
+
+      def aws_resources
+        @aws_resources ||=
+          EC2::named_instances
+            .reject { |name, i| AutoScaling::instance_ids.include?(i.instance_id) }
+            .select { |name, i| !Configuration.instance.ec2.ignore_unmanaged_instances || local_resources.has_key?(name) }
+      end
+
+      def unmanaged_diff(aws)
+        InstanceDiff.unmanaged(aws)
+      end
+
+      def added_diff(local)
+        InstanceDiff.added(local)
+      end
+
+      def diff_resource(local, aws)
+        puts Colors.blue("Processing #{local.name}...")
+        instance_attributes = EC2::id_instance_attributes(aws.instance_id)
+        user_data_file = InstanceLoader.user_data_base64.key(instance_attributes.user_data)
+        cumulus_version = InstanceConfig.new(local.name).populate!(aws, user_data_file, instance_attributes.tags)
+
+        local.diff(cumulus_version)
+      end
+
+      def migrate
+        puts Colors.blue("Migrating Instances...")
+
+        # Create the directories
+        ec2_dir = "#{@migration_root}/ec2"
+        instances_dir = "#{ec2_dir}/instances"
+        user_data_dir = "#{ec2_dir}/user-data-scripts"
+
+        if !Dir.exists?(@migration_root)
+          Dir.mkdir(@migration_root)
+        end
+        if !Dir.exists?(ec2_dir)
+          Dir.mkdir(ec2_dir)
+        end
+        if !Dir.exists?(instances_dir)
+          Dir.mkdir(instances_dir)
+        end
+        if !Dir.exists?(user_data_dir)
+          Dir.mkdir(user_data_dir)
+        end
+
+        # Only migrate instances not in an autoscaling group
+        migratable_instances = EC2::named_instances.reject { |name, i| AutoScaling::instance_ids.include?(i.instance_id) }
+        puts "Will migrate #{migratable_instances.length} instances"
+
+        migratable_instances.each do |name, instance|
+          puts "Migrating #{name}..."
+
+          instance_attributes = EC2::id_instance_attributes(instance.instance_id)
+
+          # If there was user data set, migrate that too
+          if instance_attributes.user_data
+            user_data_file = "#{name}.sh"
+            file_location = "#{user_data_dir}/#{user_data_file}"
+            puts "Migrating user data script to #{file_location}"
+            file_contents = Base64.decode64(instance_attributes.user_data)
+            File.open(file_location, "w") { |f| f.write(file_contents) }
+          end
+
+          cumulus_instance = InstanceConfig.new(name).populate!(instance, user_data_file, instance_attributes.tags)
+
+          json = JSON.pretty_generate(cumulus_instance.to_hash)
+          File.open("#{instances_dir}/#{name}.json", "w") { |f| f.write(json) }
+        end
+
+      end
+
+      def create(local)
+        #######################################
+        # Make sure required attributes are set
+        #######################################
+
+        # Check for image
+        errors = []
+        image_id = local.image || Configuration.instance.ec2.default_image_id
+        if image_id.nil?
+          errors << "image is required"
+        end
+
+        # Check for IAM profile
+        profile_arn = if local.profile.nil?
+          errors << "profile is required"
+          nil
+        else
+          arn = IAM::get_instance_profile_arn(local.profile)
+          if arn.nil?
+            errors << "no profile named #{local.profile} exists"
+          end
+          arn
+        end
+
+        # Check for security groups
+        if local.security_groups.empty?
+          errors << "security-groups is required"
+        end
+
+        # Check for subnet
+        if local.subnet.nil?
+          errors << "subnet is required"
+        end
+
+        aws_subnet = EC2::named_subnets[local.subnet]
+        if aws_subnet.nil?
+          errors << "subnet #{local.subnet} does not exist"
+        end
+
+        # Get the vpc id from the subnet
+        vpc_id = aws_subnet.vpc_id
+
+        security_group_ids = local.security_groups.map do |sg|
+          sg_id = SecurityGroups.vpc_security_group_id_names[vpc_id].key(sg)
+          if sg_id.nil?
+            errors << "security group #{sg} does not exist"
+          end
+          sg_id
+        end
+
+        # Check for type
+        if local.type.nil?
+          errors << "type is required"
+        end
+
+        # Make sure the placement group exists
+        if !local.placement_group.nil? and EC2::named_placement_groups[local.placement_group].nil?
+          errors << "placement group #{local.placement_group} does not exist"
+        end
+
+        availability_zone = if aws_subnet then aws_subnet.availability_zone end
+
+        # Check for volume groups
+        volumes = if !local.volume_groups.empty?
+          # Try to get the volumes for each volume group, make sure they are in the right AZ
+          local.volume_groups.map do |vg|
+            vols = EC2::group_ebs_volumes_aws[vg]
+            if vols.nil?
+              errors << "volume group #{vg} does not exist"
+            elsif vols.empty?
+              errors << "could not find volumes for group #{vg}"
+            else
+              if availability_zone and vols.any? { |vol| vol.availability_zone != availability_zone }
+                errors << "not all volumes in #{vg} are in the correct availability zone: #{availability_zone}"
+              end
+            end
+            vols
+          end.flatten
+        else
+          puts "Warning: Only the root volume will be attached to the instance"
+          []
+        end
+
+        # Make sure there are not more volumes than device names for volumes
+        if (@device_name_end.ord - @device_name_start.ord + 1) < volumes.length
+          errors << "cannot attach more volumes than there are names for between #{@device_name_base}#{@device_name_start} and #{@device_name_base}#{@device_name_end}"
+        end
+
+        if !errors.empty?
+          puts "Could not create #{local.name}:"
+          errors.each { |e| puts "\t#{e}"}
+          exit StatusCodes::EXCEPTION
+        end
+
+        created_instance = @client.run_instances({
+          image_id: image_id,
+          min_count: 1,
+          max_count: 1,
+          key_name: local.key_name,
+          security_group_ids: if local.network_interfaces == 0 then security_group_ids end,
+          user_data: if local.user_data then Base64.encode64(InstanceLoader.user_data(local.user_data)) end,
+          instance_type: local.type,
+          subnet_id: if local.network_interfaces == 0 then aws_subnet.subnet_id end,
+          placement: {
+            availability_zone: availability_zone,
+            group_name: local.placement_group,
+            tenancy: local.tenancy,
+          },
+          monitoring: {
+            enabled: local.monitoring
+          },
+          private_ip_address: if local.network_interfaces == 0 then local.private_ip_address end,
+          network_interfaces: Array.new(local.network_interfaces) do |index|
+            {
+              subnet_id: aws_subnet.subnet_id,
+              groups: security_group_ids,
+              delete_on_termination: true,
+              device_index: index,
+              private_ip_addresses: if local.network_interfaces == 1 and local.private_ip_address
+                [
+                  {
+                    private_ip_address: local.private_ip_address,
+                    primary: true
+                  }
+                ]
+              end
+            }
+          end,
+          iam_instance_profile: {
+            arn: profile_arn
+          },
+          ebs_optimized: local.ebs_optimized
+        }).instances.first
+
+        # Wait until the instance is running then attach volumes
+        print "Waiting for instance to run"
+        @client.wait_until(:instance_running, {
+          instance_ids: [created_instance.instance_id]
+        }) do |waiter|
+          waiter.before_wait { print "." }
+        end
+        puts ""
+
+        if !local.tags.empty?
+          set_tags(created_instance.instance_id, local.tags)
+        end
+        set_name(created_instance.instance_id, local.name)
+
+        if created_instance.source_dest_check != local.source_dest_check
+          set_instance_source_dest_check(created_instance.instance_id, local.source_dest_check)
+        end
+
+        # If there are multiple network interfaces, source dest check must be set on each one
+        if created_instance.network_interfaces.length > 1
+          created_instance.network_interfaces.each do |interface|
+            set_interface_source_dest_check(interface.network_interface_id, local.source_dest_check)
+          end
+        else
+          set_instance_source_dest_check(created_instance.instance_id, local.source_dest_check)
+        end
+
+        # Attach volume groups
+        attach_volumes(created_instance.instance_id, volumes, @device_name_start)
+
+      end
+
+      def update(local, diffs)
+        aws_instance = EC2::named_instances[local.name]
+
+        diffs.each do |diff|
+          case diff.type
+          when  InstanceChange::PROFILE,
+                InstanceChange::SUBNET,
+                InstanceChange::TYPE,
+                InstanceChange::TENANCY
+
+            puts Colors.red("Cannot change #{diff.asset_type}")
+          when InstanceChange::EBS
+            if !aws_instance.stopped?
+              puts Colors.red("Cannot update EBS Optimized unless the instance is stopped")
+            else
+              puts "Setting EBS Optimized to #{local.ebs_optimized}..."
+              set_ebs_optimized(aws_instance.instance_id, local.ebs_optimized)
+            end
+          when InstanceChange::MONITORING
+            if local.monitoring
+              puts "Enabling monitoring..."
+              set_monitoring(aws_instance.instance_id, true)
+            else
+              puts "Disabling monitoring..."
+              set_monitoring(aws_instance.instance_id, false)
+            end
+          when InstanceChange::SECURITY_GROUPS
+            puts "Updating Security Groups..."
+
+            # If there are multiple network interfaces, security groups must be set on each one
+            if aws_instance.network_interfaces.length > 1
+              aws_instance.network_interfaces.each do |interface|
+                set_interface_security_groups(aws_instance.vpc_id, interface.network_interface_id, local.security_groups)
+              end
+            else
+              set_instance_security_groups(aws_instance.vpc_id, aws_instance.instance_id, local.security_groups)
+            end
+
+          when InstanceChange::SDCHECK
+            puts "Setting Source Dest Check to #{local.source_dest_check}..."
+
+            # If there are multiple network interfaces, source dest check must be set on each one
+            if aws_instance.network_interfaces.length > 1
+              aws_instance.network_interfaces.each do |interface|
+                set_interface_source_dest_check(interface.network_interface_id, local.source_dest_check)
+              end
+            else
+              set_instance_source_dest_check(aws_instance.instance_id, local.source_dest_check)
+            end
+          when InstanceChange::INTERFACES
+            if diff.aws > diff.local
+              puts Colors.red("Cumulus will not detach or delete network interfaces. You must do so manually and update the config")
+            else
+              # Figure out highest device index for current interfaces
+              highest_device_index = (aws_instance.network_interfaces.map(&:attachment).map(&:device_index).max || 0) + 1
+
+              (diff.local - diff.aws).times do |i|
+                puts "Creating network interface..."
+                interface_id = create_network_interface(aws_instance.vpc_id, aws_instance.subnet_id, local.security_groups)
+                set_interface_source_dest_check(interface_id, local.source_dest_check)
+
+                puts "Attaching network interface..."
+                attachment_id = attach_network_interface(aws_instance.instance_id, interface_id, highest_device_index + i)
+                set_delete_on_terminate(interface_id, attachment_id)
+              end
+            end
+          when InstanceChange::VOLUME_GROUPS
+            # Figure out the highest device name for already attached volumes
+            last_device_name = aws_instance.nonroot_devices.map(&:device_name).sort.last
+            start_attaching_at = if last_device_name then (last_device_name[-1].ord + 1).chr else @start_device_letter end
+
+            # Figure out which volumes in the group are not attached
+            volumes_to_attach = diff.local.map { |group_name, group_config| EC2::group_ebs_volumes_aws[group_name] }.flatten.select(&:detached?)
+
+            # Make sure there are not more volumes than device names for volumes
+            if start_attaching_at.ord > @device_name_end.ord
+              puts Colors.red("Cannot attach volumes past #{@device_name_base}#{@device_name_end}")
+            elsif (@device_name_end.ord - start_attaching_at.ord + 1) < volumes_to_attach.length
+              puts Colors.red("Cannot attach more volumes than there are names for between #{@device_name_base}#{start_attaching_at} and #{@device_name_base}#{@device_name_end}")
+            else
+              attach_volumes(aws_instance.instance_id, volumes_to_attach, start_attaching_at)
+            end
+          when InstanceChange::TAGS
+            puts "Updating tags..."
+
+            if !diff.tags_to_remove.empty?
+              delete_tags(aws_instance.instance_id, diff.tags_to_remove)
+            end
+
+            if !diff.tags_to_add.empty?
+              set_tags(aws_instance.instance_id, diff.tags_to_add)
+            end
+
+          end
+        end
+      end
+
+      private
+
+      def set_name(instance_id, name)
+        @client.create_tags({
+          resources: [instance_id],
+          tags: [
+            {
+              key: "Name",
+              value: name
+            }
+          ]
+        })
+      end
+
+      def set_tags(instance_id, tags)
+        @client.create_tags({
+          resources: [instance_id],
+          tags: tags.map do |key, val|
+            {
+              key: key,
+              value: val
+            }
+          end
+        })
+      end
+
+      def delete_tags(instance_id, tags)
+        @client.delete_tags({
+          resources: [instance_id],
+          tags: tags.map do |key, val|
+            {
+              key: key,
+              value: val
+            }
+          end
+        })
+      end
+
+      def set_instance_source_dest_check(instance_id, source_dest_check)
+        @client.modify_instance_attribute({
+          instance_id: instance_id,
+          source_dest_check: {
+            value: source_dest_check
+          }
+        })
+      end
+
+      def set_interface_source_dest_check(interface_id, source_dest_check)
+        @client.modify_network_interface_attribute({
+          network_interface_id: interface_id,
+          source_dest_check: {
+            value: source_dest_check
+          }
+        })
+      end
+
+      def set_ebs_optimized(instance_id, optimized)
+        @client.modify_instance_attribute({
+          instance_id: instance_id,
+          ebs_optimized: {
+            value: optimized
+          }
+        })
+      end
+
+      def set_instance_security_groups(vpc_id, instance_id, sg_names)
+        @client.modify_instance_attribute({
+          instance_id: instance_id,
+          groups: sg_names.map { |sg| SecurityGroups.vpc_security_group_id_names[vpc_id].key(sg) }
+        })
+      end
+
+      def set_interface_security_groups(vpc_id, interface_id, sg_names)
+        @client.modify_network_interface_attribute({
+          network_interface_id: interface_id,
+          groups: sg_names.map { |sg| SecurityGroups.vpc_security_group_id_names[vpc_id].key(sg) }
+        })
+      end
+
+      def set_monitoring(instance_id, monitoring)
+        if monitoring
+          @client.monitor_instances({
+            instance_ids: [instance_id]
+          })
+        else
+          @client.unmonitor_instances({
+            instance_ids: [instance_id]
+          })
+        end
+      end
+
+      def create_network_interface(vpc_id, subnet_id, sg_names)
+        @client.create_network_interface({
+          subnet_id: subnet_id,
+          groups: sg_names.map { |sg| SecurityGroups.vpc_security_group_id_names[vpc_id].key(sg) }
+        }).network_interface.network_interface_id
+      end
+
+      def attach_network_interface(instance_id, interface_id, device_index)
+        @client.attach_network_interface({
+          network_interface_id: interface_id,
+          instance_id: instance_id,
+          device_index: device_index
+        }).attachment_id
+      end
+
+      def set_delete_on_terminate(interface_id, attachment_id)
+        @client.modify_network_interface_attribute({
+          network_interface_id: interface_id,
+          attachment: {
+            attachment_id: attachment_id,
+            delete_on_termination: true
+          }
+        })
+      end
+
+      def attach_volumes(instance_id, volumes, start_device_letter)
+
+        device_letter = start_device_letter
+
+        # sort volumes by size then map to id
+        volume_ids = volumes.sort_by(&:size).map(&:volume_id)
+
+        volume_ids.each do |vol_id|
+          device_name = "#{@device_name_base}#{device_letter}"
+          puts "Attaching volume to #{device_name}..."
+
+          @client.attach_volume({
+            instance_id: instance_id,
+            volume_id: vol_id,
+            device: device_name
+          })
+
+          device_letter = (device_letter.ord + 1).chr
+        end
+
+      end
+
+    end
+  end
+end