knife-ec2 0.19.16 → 1.0.1

data/lib/chef/knife/ec2_securitygroup_list.rb

@@ -0,0 +1,68 @@
+#
+# Author:: Tim Smith (<tsmith@chef.io>)
+# Copyright:: Copyright (c) 2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/knife/ec2_base"
+
+class Chef
+  class Knife
+    class Ec2SecuritygroupList < Knife
+
+      include Knife::Ec2Base
+
+      banner "knife ec2 securitygroup list (options)"
+
+      def run
+        validate_aws_config!
+        custom_warnings!
+
+        sg_list = [
+          ui.color("ID", :bold),
+          ui.color("Name", :bold),
+          ui.color("VPC ID", :bold)
+        ].flatten.compact
+
+        output_column_count = sg_list.length
+
+        if config[:format] == "summary"
+          sg_hash.each_pair do |_k, v|
+            sg_list << v["group_id"]
+            sg_list << v["group_name"]
+            sg_list << v["vpc_id"]
+          end
+          puts ui.list(sg_list, :uneven_columns_across, output_column_count)
+        else
+          output(format_for_display(sg_hash))
+        end
+      end
+
+      private
+
+      def sg_hash
+        all_data = {}
+        ec2_connection.describe_security_groups.first.security_groups.each do |s|
+          s_data = {}
+          %w{group_name group_id vpc_id}.each do |id|
+            s_data[id] = s.send(id)
+          end
+          all_data[s_data["group_id"]] = s_data
+        end
+        all_data
+      end
+    end
+  end
+end

data/lib/chef/knife/ec2_server_create.rb

@@ -19,20 +19,18 @@
 
 require "chef/knife/ec2_base"
 require "chef/knife/s3_source"
-require "chef/knife/winrm_base"
-require "chef/knife/bootstrap_windows_base"
+require "chef/knife/bootstrap"
 
 class Chef
   class Knife
-    class Ec2ServerCreate < Knife
+    class Ec2ServerCreate < Chef::Knife::Bootstrap
 
       include Knife::Ec2Base
-      include Knife::WinrmBase
-      include Knife::BootstrapWindowsBase
+
       deps do
         require "tempfile"
         require "uri"
-        require "chef/knife/bootstrap"
+        require "net/ssh"
         Chef::Knife::Bootstrap.load_deps
       end
 
@@ -119,70 +117,12 @@ class Chef
         description: "The Availability Zone",
         proc: Proc.new { |key| Chef::Config[:knife][:availability_zone] = key }
 
-      option :chef_node_name,
-        short: "-N NAME",
-        long: "--node-name NAME",
-        description: "The Chef node name for your new node",
-        proc: Proc.new { |key| Chef::Config[:knife][:chef_node_name] = key }
-
       option :ssh_key_name,
         short: "-S KEY",
         long: "--ssh-key KEY",
         description: "The AWS SSH key id",
         proc: Proc.new { |key| Chef::Config[:knife][:ssh_key_name] = key }
 
-      option :ssh_user,
-        short: "-x USERNAME",
-        long: "--ssh-user USERNAME",
-        description: "The ssh username",
-        default: "root"
-
-      option :ssh_password,
-        short: "-P PASSWORD",
-        long: "--ssh-password PASSWORD",
-        description: "The ssh password"
-
-      option :ssh_port,
-        short: "-p PORT",
-        long: "--ssh-port PORT",
-        description: "The ssh port",
-        default: "22",
-        proc: Proc.new { |key| Chef::Config[:knife][:ssh_port] = key }
-
-      option :ssh_gateway,
-        short: "-w GATEWAY",
-        long: "--ssh-gateway GATEWAY",
-        description: "The ssh gateway server. Any proxies configured in your ssh config are automatically used by default.",
-        proc: Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key }
-
-      option :ssh_gateway_identity,
-        long: "--ssh-gateway-identity IDENTITY_FILE",
-        description: "The private key for ssh gateway server",
-        proc: Proc.new { |key| Chef::Config[:knife][:ssh_gateway_identity] = key }
-
-      option :identity_file,
-        short: "-i IDENTITY_FILE",
-        long: "--identity-file IDENTITY_FILE",
-        description: "The SSH identity file used for authentication"
-
-      option :prerelease,
-        long: "--prerelease",
-        description: "Install the pre-release chef gems"
-
-      option :bootstrap_version,
-        long: "--bootstrap-version VERSION",
-        description: "The version of Chef to install",
-        proc: Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v }
-
-      option :bootstrap_proxy,
-        long: "--bootstrap-proxy PROXY_URL",
-        description: "The proxy server for the node being bootstrapped",
-        proc: Proc.new { |p| Chef::Config[:knife][:bootstrap_proxy] = p }
-
-      option :bootstrap_template,
-        long: "--bootstrap-template TEMPLATE",
-        description: "Bootstrap Chef using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
-
       option :ebs_size,
         long: "--ebs-size SIZE",
         description: "The size of the EBS volume in GB, for EBS-backed instances"
@@ -195,13 +135,6 @@ class Chef
         long: "--ebs-no-delete-on-term",
         description: "Do not delete EBS volume on instance termination"
 
-      option :run_list,
-        short: "-r RUN_LIST",
-        long: "--run-list RUN_LIST",
-        description: "Comma separated list of roles/recipes to apply",
-        proc: lambda { |o| o.split(/[\s,]+/) },
-        default: []
-
       option :secret,
         long: "--secret ",
         description: "The secret key to use to encrypt data bag item values",
@@ -227,18 +160,6 @@ class Chef
         description: "allows to specify the private IP address of the instance in VPC mode",
         proc: Proc.new { |ip| Chef::Config[:knife][:private_ip_address] = ip }
 
-      option :host_key_verify,
-        long: "--[no-]host-key-verify",
-        description: "Verify host key, enabled by default.",
-        boolean: true,
-        default: true
-
-      option :bootstrap_protocol,
-        long: "--bootstrap-protocol protocol",
-        description: "protocol to bootstrap windows servers. options: winrm/ssh",
-        proc: Proc.new { |key| Chef::Config[:knife][:bootstrap_protocol] = key },
-        default: nil
-
       option :fqdn,
         long: "--fqdn FQDN",
         description: "Pre-defined FQDN. This is used for Kerberos Authentication purpose only",
@@ -252,15 +173,6 @@ class Chef
         proc: Proc.new { |m| Chef::Config[:knife][:aws_user_data] = m },
         default: nil
 
-      option :hint,
-        long: "--hint HINT_NAME[=HINT_FILE]",
-        description: "Specify Ohai Hint to be set on the bootstrap target.  Use multiple --hint options to specify multiple hints.",
-        proc: Proc.new { |h|
-          Chef::Config[:knife][:hints] ||= {}
-          name, path = h.split("=")
-          Chef::Config[:knife][:hints][name] = path ? JSON.parse(::File.read(path)) : Hash.new
-        }
-
       option :ephemeral,
         long: "--ephemeral EPHEMERAL_DEVICES",
         description: "Comma separated list of device locations (eg - /dev/sdb) to map ephemeral devices",
@@ -291,11 +203,6 @@ class Chef
         proc: Proc.new { |key| Chef::Config[:knife][:provisioned_iops] = key },
         default: nil
 
-      option :auth_timeout,
-        long: "--windows-auth-timeout MINUTES",
-        description: "The maximum time in minutes to wait to for authentication over the transport to the node to succeed. The default value is 25 minutes.",
-        default: 25
-
       option :validation_key_url,
         long: "--validation-key-url URL",
         description: "Path to the validation key",
@@ -331,76 +238,6 @@ class Chef
         proc: proc { |t| t = t.to_i * 60; Chef::Config[:aws_connection_timeout] = t },
         default: 600
 
-      option :node_ssl_verify_mode,
-        long: "--node-ssl-verify-mode [peer|none]",
-        description: "Whether or not to verify the SSL cert for all HTTPS requests.",
-        proc: Proc.new { |v|
-          valid_values = %w{none peer}
-          unless valid_values.include?(v)
-            raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
-          end
-        }
-
-      option :node_verify_api_cert,
-        long: "--[no-]node-verify-api-cert",
-        description: "Verify the SSL cert for HTTPS requests to the Chef server API.",
-        boolean: true
-
-      option :bootstrap_no_proxy,
-        long: "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
-        description: "Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode",
-        proc: Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
-
-      option :bootstrap_url,
-        long: "--bootstrap-url URL",
-        description: "URL to a custom installation script",
-        proc: Proc.new { |u| Chef::Config[:knife][:bootstrap_url] = u }
-
-      option :bootstrap_install_command,
-        long: "--bootstrap-install-command COMMANDS",
-        description: "Custom command to install chef-client",
-        proc: Proc.new { |ic| Chef::Config[:knife][:bootstrap_install_command] = ic }
-
-      option :bootstrap_wget_options,
-        long: "--bootstrap-wget-options OPTIONS",
-        description: "Add options to wget when installing chef-client",
-        proc: Proc.new { |wo| Chef::Config[:knife][:bootstrap_wget_options] = wo }
-
-      option :bootstrap_curl_options,
-        long: "--bootstrap-curl-options OPTIONS",
-        description: "Add options to curl when install chef-client",
-        proc: Proc.new { |co| Chef::Config[:knife][:bootstrap_curl_options] = co }
-
-      option :bootstrap_vault_file,
-        long: "--bootstrap-vault-file VAULT_FILE",
-        description: "A JSON file with a list of vault(s) and item(s) to be updated"
-
-      option :bootstrap_vault_json,
-        long: "--bootstrap-vault-json VAULT_JSON",
-        description: "A JSON string with the vault(s) and item(s) to be updated"
-
-      option :bootstrap_vault_item,
-        long: "--bootstrap-vault-item VAULT_ITEM",
-        description: 'A single vault and item to update as "vault:item"',
-        proc: Proc.new { |i|
-          (vault, item) = i.split(/:/)
-          Chef::Config[:knife][:bootstrap_vault_item] ||= {}
-          Chef::Config[:knife][:bootstrap_vault_item][vault] ||= []
-          Chef::Config[:knife][:bootstrap_vault_item][vault].push(item)
-          Chef::Config[:knife][:bootstrap_vault_item]
-        }
-
-      option :use_sudo_password,
-        long: "--use-sudo-password",
-        description: "Execute the bootstrap via sudo with password",
-        boolean: false
-
-      option :forward_agent,
-        short: "-A",
-        long: "--forward-agent",
-        description: "Enable SSH agent forwarding",
-        boolean: true
-
       option :create_ssl_listener,
         long: "--[no-]create-ssl-listener",
         description: "Create ssl listener, enabled by default.",
@@ -409,7 +246,7 @@ class Chef
 
       option :network_interfaces,
         short: "-n",
-        long: "--attach-network-interface ENI1,ENI2",
+        long: "--attach-network-interface ENI_ID1,ENI_ID2",
         description: "Attach additional network interfaces during bootstrap",
         proc: proc { |nics| nics.split(",") }
 
@@ -465,22 +302,18 @@ class Chef
           Chef::Config[:knife][:aws_tag]
         }
 
-      def run
-        $stdout.sync = true
-        validate!
-
+      def plugin_create_instance!
         requested_elastic_ip = config[:associate_eip] if config[:associate_eip]
 
         # For VPC EIP assignment we need the allocation ID so fetch full EIP details
-        elastic_ip = connection.addresses.detect { |addr| addr if addr.public_ip == requested_elastic_ip }
+        elastic_ip = ec2_connection.describe_addresses.addresses.detect { |addr| addr if addr.public_ip == requested_elastic_ip }
 
-        if locate_config_value(:spot_price)
-          server_def = create_server_def
-          server_def[:groups] = server_def[:security_group_ids] if vpc_mode?
-          spot_request = connection.spot_requests.create(server_def)
-          msg_pair("Spot Request ID", spot_request.id)
-          msg_pair("Spot Request Type", spot_request.request_type)
-          msg_pair("Spot Price", spot_request.price)
+        if config_value(:spot_price)
+          server_def = spot_instances_attributes
+          spot_request = ec2_connection.request_spot_instances(server_def)
+          msg_pair("Spot Request ID", spot_request.spot_instance_request_id)
+          msg_pair("Spot Request Type", spot_request.type)
+          msg_pair("Spot Price", spot_request.spot_price)
 
           case config[:spot_wait_mode]
           when "prompt", "", nil
@@ -501,16 +334,18 @@ class Chef
           end
 
           print ui.color("Waiting for Spot Request fulfillment:  ", :cyan)
-          spot_request.wait_for do
-            @spinner ||= %w{| / - \\}
-            print "\b" + @spinner.rotate!.first
-            ready?
-          end
-          puts("\n")
-          @server = connection.servers.get(spot_request.instance_id)
+          spot_response = spot_instances_wait_until_ready(spot_request.spot_instance_request_id)
+
+          @server = fetch_ec2_instance(spot_response.instance_id)
         else
           begin
-            @server = connection.servers.create(create_server_def)
+            response_obj = create_ec2_instance(server_attributes)
+            instance_id = response_obj.instances[0].instance_id
+            print "\n#{ui.color("Waiting for EC2 to create the instance\n", :magenta)}"
+
+            # wait for instance to come up before acting against it
+            instances_wait_until_ready(instance_id)
+            @server = fetch_ec2_instance(instance_id)
           rescue => error
             error.message.sub("download completed, but downloaded file not found", "Verify that you have public internet access.")
             ui.error error.message
@@ -519,53 +354,19 @@ class Chef
           end
         end
 
-        hashed_tags = {}
-        tags.map { |t| key, val = t.split("="); hashed_tags[key] = val } unless tags.nil?
-
-        # Always set the Name tag
-        unless hashed_tags.keys.include? "Name"
-          if locate_config_value(:chef_node_name)
-            hashed_tags["Name"] = evaluate_node_name(locate_config_value(:chef_node_name))
-          else
-            hashed_tags["Name"] = server.id
-          end
-        end
-
-        printed_aws_tags = hashed_tags.map { |tag, val| "#{tag}: #{val}" }.join(", ")
-
-        hashed_volume_tags = {}
-        volume_tags = locate_config_value(:volume_tags)
-        volume_tags.map { |t| key, val = t.split("="); hashed_volume_tags[key] = val } unless volume_tags.nil?
-        printed_volume_tags = hashed_volume_tags.map { |tag, val| "#{tag}: #{val}" }.join(", ")
-
-        msg_pair("Instance ID", @server.id)
-        msg_pair("Flavor", @server.flavor_id)
-        msg_pair("Image", @server.image_id)
-        msg_pair("Region", connection.instance_variable_get(:@region))
-        msg_pair("Availability Zone", @server.availability_zone)
-
-        # If we don't specify a security group or security group id, Fog will
-        # pick the appropriate default one. In case of a VPC we don't know the
-        # default security group id at this point unless we look it up, hence
-        # 'default' is printed if no id was specified.
-        printed_security_groups = "default"
-        printed_security_groups = @server.groups.join(", ") if @server.groups
-        msg_pair("Security Groups", printed_security_groups) unless vpc_mode? || (@server.groups.nil? && @server.security_group_ids)
+        msg_pair("Instance ID", server.id)
+        msg_pair("Flavor", server.instance_type)
+        msg_pair("Image", server.image_id)
+        msg_pair("Region", fetch_region)
+        msg_pair("Availability Zone", server.availability_zone)
+        msg_pair("Security Groups", printed_security_groups) unless vpc_mode? || (server.groups && server.security_groups_ids)
+        msg_pair("Security Group Ids", printed_security_group_ids) if vpc_mode? || server.security_groups_ids
 
-        printed_security_group_ids = "default"
-        printed_security_group_ids = @server.security_group_ids.join(", ") if @server.security_group_ids
-        msg_pair("Security Group Ids", printed_security_group_ids) if vpc_mode? || @server.security_group_ids
-
-        msg_pair("IAM Profile", locate_config_value(:iam_instance_profile))
+        msg_pair("IAM Profile", config_value(:iam_instance_profile))
 
         msg_pair("AWS Tags", printed_aws_tags)
         msg_pair("Volume Tags", printed_volume_tags)
-        msg_pair("SSH Key", @server.key_name)
-
-        print "\n#{ui.color("Waiting for EC2 to create the instance", :magenta)}"
-
-        # wait for instance to come up before acting against it
-        @server.wait_for(locate_config_value(:aws_connection_timeout)) { print "."; ready? }
+        msg_pair("SSH Key", server.key_name)
 
         puts("\n")
 
@@ -574,9 +375,9 @@ class Chef
         begin
           create_tags(hashed_tags) unless hashed_tags.empty?
           create_volume_tags(hashed_volume_tags) unless hashed_volume_tags.empty?
-          associate_eip(elastic_ip) if config[:associate_eip]
+          associate_address(elastic_ip) if config[:associate_eip]
           enable_classic_link(config[:classic_link_vpc_id], config[:classic_link_vpc_security_group_ids]) if config[:classic_link_vpc_id]
-        rescue Fog::Compute::AWS::NotFound, Fog::Errors::Error
+        rescue Aws::EC2::Errors::ServiceError, Aws::EC2::Errors::Error
           raise if (tries -= 1) <= 0
           ui.warn("server not ready, retrying tag application (retries left: #{tries})")
           sleep 5
@@ -586,115 +387,131 @@ class Chef
         attach_nics if config[:network_interfaces]
 
         if vpc_mode?
-          msg_pair("Subnet ID", @server.subnet_id)
-          msg_pair("Tenancy", @server.tenancy)
+          msg_pair("Subnet ID", server.subnet_id)
+          msg_pair("Tenancy", server.tenancy)
           if config[:associate_public_ip]
-            msg_pair("Public DNS Name", @server.dns_name)
+            msg_pair("Public DNS Name", server.public_dns_name)
           end
           if elastic_ip
-            msg_pair("Public IP Address", @server.public_ip_address)
+            msg_pair("Public IP Address", server.public_ip_address)
           end
         else
-          msg_pair("Public DNS Name", @server.dns_name)
-          msg_pair("Public IP Address", @server.public_ip_address)
-          msg_pair("Private DNS Name", @server.private_dns_name)
+          msg_pair("Public DNS Name", server.public_dns_name)
+          msg_pair("Public IP Address", server.public_ip_address)
+          msg_pair("Private DNS Name", server.private_dns_name)
         end
-        msg_pair("Private IP Address", @server.private_ip_address)
+        msg_pair("Private IP Address", server.private_ip_address)
 
         if Chef::Config[:knife][:validation_key_url]
           download_validation_key(validation_key_path)
           Chef::Config[:validation_key] = validation_key_path
         end
 
+        config[:connection_protocol] ||= connection_protocol
+        config[:connection_port] ||= connection_port
+
         # Check if Server is Windows or Linux
         if is_image_windows?
-          protocol = locate_config_value(:bootstrap_protocol)
-          protocol ||= "winrm"
-          if protocol == "winrm"
-            load_winrm_deps
+          if winrm?
             print "\n#{ui.color("Waiting for winrm access to become available", :magenta)}"
-            print(".") until tcp_test_winrm(ssh_connect_host, locate_config_value(:winrm_port)) do
+            print(".") until tcp_test_winrm(connection_host, connection_port) do
               sleep 10
               puts("done")
             end
           else
             print "\n#{ui.color("Waiting for sshd access to become available", :magenta)}"
             # If FreeSSHd, winsshd etc are available
-            print(".") until tcp_test_ssh(ssh_connect_host, config[:ssh_port]) do
+            print(".") until tcp_test_ssh(connection_host, connection_port) do
               sleep @initial_sleep_delay ||= (vpc_mode? ? 40 : 10)
               puts("done")
             end
-            ssh_override_winrm
           end
-          bootstrap_for_windows_node(@server, ssh_connect_host).run
         else
           print "\n#{ui.color("Waiting for sshd access to become available", :magenta)}"
-          wait_for_sshd(ssh_connect_host)
-          ssh_override_winrm
-          bootstrap_for_linux_node(@server, ssh_connect_host).run
+          wait_for_sshd(connection_host)
         end
 
+        fqdn = connection_host
+        if winrm?
+          if config_value(:kerberos_realm)
+            # Fetch AD/WINS based fqdn if any for Kerberos-based Auth
+            fqdn = config_value(:fqdn) || fetch_server_fqdn(server.private_ip_address)
+          end
+          config[:connection_password] = windows_password
+        end
+        @name_args = [fqdn]
+
+        if config_value(:chef_node_name)
+          config[:chef_node_name] = evaluate_node_name(config_value(:chef_node_name))
+        else
+          config[:chef_node_name] = server.id
+        end
+        bootstrap_common_params
+      end
+
+      def plugin_finalize
         puts "\n"
-        msg_pair("Instance ID", @server.id)
-        msg_pair("Flavor", @server.flavor_id)
-        msg_pair("Placement Group", @server.placement_group) unless @server.placement_group.nil?
-        msg_pair("Image", @server.image_id)
-        msg_pair("Region", connection.instance_variable_get(:@region))
-        msg_pair("Availability Zone", @server.availability_zone)
-        msg_pair("Security Groups", printed_security_groups) unless vpc_mode? || (@server.groups.nil? && @server.security_group_ids)
-        msg_pair("Security Group Ids", printed_security_group_ids) if vpc_mode? || @server.security_group_ids
-        msg_pair("IAM Profile", locate_config_value(:iam_instance_profile)) if locate_config_value(:iam_instance_profile)
-        msg_pair("Primary ENI", locate_config_value(:primary_eni)) if locate_config_value(:primary_eni)
+        msg_pair("Instance ID", server.id)
+        msg_pair("Flavor", server.instance_type)
+        msg_pair("Placement Group", server.placement_group) unless server.placement_group.nil?
+        msg_pair("Image", server.image_id)
+        msg_pair("Region", fetch_region)
+        msg_pair("Availability Zone", server.availability_zone)
+        msg_pair("Security Groups", printed_security_groups) unless vpc_mode? || (server.groups.nil? && server.security_group_ids)
+        msg_pair("Security Group Ids", printed_security_group_ids) if vpc_mode? || server.security_group_ids
+        msg_pair("IAM Profile", config_value(:iam_instance_profile)) if config_value(:iam_instance_profile)
+        msg_pair("Primary ENI", config_value(:primary_eni)) if config_value(:primary_eni)
         msg_pair("AWS Tags", printed_aws_tags)
-        msg_pair("Chef Tags", locate_config_value(:chef_tag)) if locate_config_value(:chef_tag)
-        msg_pair("SSH Key", @server.key_name)
-        msg_pair("Root Device Type", @server.root_device_type)
+        msg_pair("Chef Tags", config_value(:chef_tag)) if config_value(:chef_tag)
+        msg_pair("SSH Key", server.key_name)
+        msg_pair("Root Device Type", server.root_device_type)
         msg_pair("Root Volume Tags", printed_volume_tags)
-        if @server.root_device_type == "ebs"
-          device_map = @server.block_device_mapping.first
-          msg_pair("Root Volume ID", device_map["volumeId"])
-          msg_pair("Root Device Name", device_map["deviceName"])
-          msg_pair("Root Device Delete on Terminate", device_map["deleteOnTermination"])
-          msg_pair("Standard or Provisioned IOPS", device_map["volumeType"])
-          msg_pair("IOPS rate", device_map["iops"])
+        if server.root_device_type == "ebs"
+          device_map = server.block_device_mappings.first
+          msg_pair("Root Device Name", device_map.device_name)
+          msg_pair("Root Volume ID", device_map.ebs.volume_id)
+          msg_pair("Root Device Delete on Terminate", device_map.ebs.delete_on_termination)
+          msg_pair("Standard or Provisioned IOPS", device_map.ebs.volume_type) if device_map.ebs.respond_to?("volume_type")
+          msg_pair("IOPS rate", device_map.ebs.iops) if device_map.ebs.respond_to?("iops")
 
           print "\n#{ui.color("Block devices", :magenta)}\n"
           print "#{ui.color("===========================", :magenta)}\n"
-          @server.block_device_mapping.each do |device_map|
-            msg_pair("Device Name", device_map["deviceName"])
-            msg_pair("Volume ID", device_map["volumeId"])
-            msg_pair("Delete on Terminate", device_map["deleteOnTermination"].to_s)
-            msg_pair("Standard or Provisioned IOPS", device_map["volumeType"])
-            msg_pair("IOPS rate", device_map["iops"])
+          server.block_device_mappings.each do |device_map|
+            msg_pair("Device Name", device_map.device_name)
+            msg_pair("Volume ID", device_map.ebs.volume_id)
+            msg_pair("Delete on Terminate", device_map.ebs.delete_on_termination.to_s)
+            msg_pair("Standard or Provisioned IOPS", device_map.ebs.volume_type) if device_map.ebs.respond_to?("volume_type")
+            msg_pair("IOPS rate", device_map.ebs.iops) if device_map.ebs.respond_to?("iops")
             print "\n"
           end
           print "#{ui.color("===========================", :magenta)}\n"
 
           if config[:ebs_size]
-            if ami.block_device_mapping.first["volumeSize"].to_i < config[:ebs_size].to_i
+            volume_size = ami.block_device_mappings[0].ebs.volume_size
+            if volume_size.to_i < config[:ebs_size].to_i
               volume_too_large_warning = "#{config[:ebs_size]}GB " +
                 "EBS volume size is larger than size set in AMI of " +
-                "#{ami.block_device_mapping.first['volumeSize']}GB.\n" +
+                "#{volume_size}GB.\n" +
                 "Use file system tools to make use of the increased volume size."
               msg_pair("Warning", volume_too_large_warning, :yellow)
             end
           end
         end
         if config[:ebs_optimized]
-          msg_pair("EBS is Optimized", @server.ebs_optimized.to_s)
+          msg_pair("EBS is Optimized", server.ebs_optimized.to_s)
         end
         if vpc_mode?
-          msg_pair("Subnet ID", @server.subnet_id)
-          msg_pair("Tenancy", @server.tenancy)
+          msg_pair("Subnet ID", server.subnet_id)
+          msg_pair("Tenancy", server.tenancy)
           if config[:associate_public_ip]
-            msg_pair("Public DNS Name", @server.dns_name)
+            msg_pair("Public DNS Name", server.public_dns_name)
           end
         else
-          msg_pair("Public DNS Name", @server.dns_name)
-          msg_pair("Public IP Address", @server.public_ip_address)
-          msg_pair("Private DNS Name", @server.private_dns_name)
+          msg_pair("Public DNS Name", server.public_dns_name)
+          msg_pair("Public IP Address", server.public_ip_address)
+          msg_pair("Private DNS Name", server.private_dns_name)
         end
-        msg_pair("Private IP Address", @server.private_ip_address)
+        msg_pair("Private IP Address", server.private_ip_address)
         msg_pair("Environment", config[:environment] || "_default")
         msg_pair("Run List", (config[:run_list] || []).join(", "))
         if config[:first_boot_attributes] || config[:first_boot_attributes_from_file]
@@ -742,54 +559,30 @@ class Chef
 
       def s3_secret
         @s3_secret ||= begin
-          return false unless locate_config_value(:s3_secret)
-          Chef::Knife::S3Source.fetch(locate_config_value(:s3_secret))
+          return false unless config_value(:s3_secret)
+          Chef::Knife::S3Source.fetch(config_value(:s3_secret))
         end
       end
 
-      def bootstrap_common_params(bootstrap)
-        bootstrap.config[:run_list] = config[:run_list]
-        bootstrap.config[:policy_group] = locate_config_value(:policy_group)
-        bootstrap.config[:policy_name] = locate_config_value(:policy_name)
-        bootstrap.config[:bootstrap_version] = locate_config_value(:bootstrap_version)
-        bootstrap.config[:environment] = locate_config_value(:environment)
-        bootstrap.config[:prerelease] = config[:prerelease]
-        bootstrap.config[:first_boot_attributes] = locate_config_value(:first_boot_attributes)
-        bootstrap.config[:first_boot_attributes_from_file] = locate_config_value(:first_boot_attributes_from_file)
-        bootstrap.config[:encrypted_data_bag_secret] = s3_secret || locate_config_value(:secret)
-        bootstrap.config[:encrypted_data_bag_secret_file] = locate_config_value(:secret_file)
+      def bootstrap_common_params
+        config[:encrypted_data_bag_secret] = s3_secret || config_value(:secret)
+        config[:encrypted_data_bag_secret_file] = config_value(:secret_file)
         # retrieving the secret from S3 is unique to knife-ec2, so we need to set "command line secret" to the value fetched from S3
         # When linux vm is spawned, the chef's secret option proc function sets the value "command line secret" and this value is used by
         # chef's code to check if secret option is passed through command line or not
-        Chef::Knife::DataBagSecretOptions.set_cl_secret(s3_secret) if locate_config_value(:s3_secret)
-        bootstrap.config[:secret] = s3_secret || locate_config_value(:secret)
-        bootstrap.config[:secret_file] = locate_config_value(:secret_file)
-        bootstrap.config[:node_ssl_verify_mode] = locate_config_value(:node_ssl_verify_mode)
-        bootstrap.config[:node_verify_api_cert] = locate_config_value(:node_verify_api_cert)
-        bootstrap.config[:bootstrap_no_proxy] = locate_config_value(:bootstrap_no_proxy)
-        bootstrap.config[:bootstrap_url] = locate_config_value(:bootstrap_url)
-        bootstrap.config[:bootstrap_install_command] = locate_config_value(:bootstrap_install_command)
-        bootstrap.config[:bootstrap_wget_options] = locate_config_value(:bootstrap_wget_options)
-        bootstrap.config[:bootstrap_curl_options] = locate_config_value(:bootstrap_curl_options)
-        bootstrap.config[:bootstrap_vault_file] = locate_config_value(:bootstrap_vault_file)
-        bootstrap.config[:bootstrap_vault_json] = locate_config_value(:bootstrap_vault_json)
-        bootstrap.config[:bootstrap_vault_item] = locate_config_value(:bootstrap_vault_item)
-        bootstrap.config[:bootstrap_template] = locate_config_value(:bootstrap_template)
-        bootstrap.config[:use_sudo_password] = locate_config_value(:use_sudo_password)
-        bootstrap.config[:yes] = locate_config_value(:yes)
+        Chef::Knife::DataBagSecretOptions.set_cl_secret(s3_secret) if config_value(:s3_secret)
+        config[:secret] = s3_secret || config_value(:secret)
+
         # If --chef-tag is provided then it will be set in chef as single value e.g. --chef-tag "myTag"
         # Otherwise if --tag-node-in-chef is provided then it will tag the chef in key=value pair of --tags option
         # e.g. --tags "key=value"
-        if locate_config_value(:chef_tag)
-          bootstrap.config[:tags] = locate_config_value(:chef_tag)
-        elsif locate_config_value(:tag_node_in_chef)
-          bootstrap.config[:tags] = config[:tags]
+        if config_value(:chef_tag)
+          config[:tags] = config_value(:chef_tag)
         end
         # Modify global configuration state to ensure hint gets set by
         # knife-bootstrap
         Chef::Config[:knife][:hints] ||= {}
         Chef::Config[:knife][:hints]["ec2"] ||= {}
-        bootstrap
       end
 
       def fetch_server_fqdn(ip_addr)
@@ -797,91 +590,29 @@ class Chef
         Resolv.getname(ip_addr)
       end
 
-      def bootstrap_for_windows_node(server, fqdn)
-        if locate_config_value(:bootstrap_protocol) == "winrm" || locate_config_value(:bootstrap_protocol).nil?
-          if locate_config_value(:kerberos_realm)
-            # Fetch AD/WINS based fqdn if any for Kerberos-based Auth
-            fqdn = locate_config_value(:fqdn) || fetch_server_fqdn(server.private_ip_address)
-          end
-          bootstrap = Chef::Knife::BootstrapWindowsWinrm.new
-          bootstrap.config[:winrm_user] = locate_config_value(:winrm_user)
-          bootstrap.config[:winrm_password] = windows_password
-          bootstrap.config[:winrm_transport] = locate_config_value(:winrm_transport)
-          bootstrap.config[:kerberos_keytab_file] = locate_config_value(:kerberos_keytab_file)
-          bootstrap.config[:kerberos_realm] = locate_config_value(:kerberos_realm)
-          bootstrap.config[:kerberos_service] = locate_config_value(:kerberos_service)
-          bootstrap.config[:ca_trust_file] = locate_config_value(:ca_trust_file)
-          bootstrap.config[:winrm_port] = locate_config_value(:winrm_port)
-          bootstrap.config[:auth_timeout] = locate_config_value(:auth_timeout)
-          bootstrap.config[:winrm_ssl_verify_mode] = locate_config_value(:winrm_ssl_verify_mode)
-        elsif locate_config_value(:bootstrap_protocol) == "ssh"
-          bootstrap = Chef::Knife::BootstrapWindowsSsh.new
-          bootstrap.config[:ssh_user] = locate_config_value(:ssh_user)
-          bootstrap.config[:ssh_password] = locate_config_value(:ssh_password)
-          bootstrap.config[:ssh_port] = locate_config_value(:ssh_port)
-          bootstrap.config[:identity_file] = locate_config_value(:identity_file)
-          bootstrap.config[:no_host_key_verify] = locate_config_value(:no_host_key_verify)
-          bootstrap.config[:forward_agent] = locate_config_value(:forward_agent)
-        else
-          ui.error("Unsupported Bootstrapping Protocol. Supported : winrm, ssh")
-          exit 1
-        end
-        bootstrap.name_args = [fqdn]
-        bootstrap.config[:msi_url] = locate_config_value(:msi_url)
-        bootstrap.config[:install_as_service] = locate_config_value(:install_as_service)
-        bootstrap.config[:session_timeout] = locate_config_value(:session_timeout)
-
-        if locate_config_value(:chef_node_name)
-          bootstrap.config[:chef_node_name] = evaluate_node_name(locate_config_value(:chef_node_name))
-        else
-          bootstrap.config[:chef_node_name] = server.id
-        end
-        bootstrap_common_params(bootstrap)
-      end
-
-      def bootstrap_for_linux_node(server, ssh_host)
-        bootstrap = Chef::Knife::Bootstrap.new
-        bootstrap.name_args = [ssh_host]
-        bootstrap.config[:ssh_user] = config[:ssh_user]
-        bootstrap.config[:ssh_password] = locate_config_value(:ssh_password)
-        bootstrap.config[:ssh_port] = config[:ssh_port]
-        bootstrap.config[:ssh_gateway] = config[:ssh_gateway]
-        bootstrap.config[:identity_file] = config[:identity_file]
-
-        if locate_config_value(:chef_node_name)
-          bootstrap.config[:chef_node_name] = evaluate_node_name(locate_config_value(:chef_node_name))
-        else
-          bootstrap.config[:chef_node_name] = server.id
-        end
-        bootstrap.config[:use_sudo] = true unless config[:ssh_user] == "root"
-        # may be needed for vpc_mode
-        bootstrap.config[:host_key_verify] = config[:host_key_verify]
-        bootstrap_common_params(bootstrap)
-      end
-
       def vpc_mode?
         # Amazon Virtual Private Cloud requires a subnet_id. If
         # present, do a few things differently
-        !!locate_config_value(:subnet_id)
+        !!config_value(:subnet_id)
       end
 
-      def ami
-        @ami ||= connection.images.get(locate_config_value(:image))
+      def validate_name_args!
+        # We don't know the name of our instance yet
       end
 
-      def validate!
+      def plugin_validate_options!
         if Chef::Config[:knife].keys.include? :aws_ssh_key_id
           Chef::Config[:knife][:ssh_key_name] = Chef::Config[:knife][:aws_ssh_key_id] if !Chef::Config[:knife][:ssh_key_name]
           Chef::Config[:knife].delete(:aws_ssh_key_id)
           ui.warn("Use of aws_ssh_key_id option in knife.rb/config.rb config is deprecated, use ssh_key_name option instead.")
         end
 
-        super([:image, :ssh_key_name, :aws_access_key_id, :aws_secret_access_key])
+        validate_aws_config!([:image, :ssh_key_name, :aws_access_key_id, :aws_secret_access_key])
 
-        validate_nics! if locate_config_value(:network_interfaces)
+        validate_nics! if config_value(:network_interfaces)
 
         if ami.nil?
-          ui.error("The provided AMI value '#{locate_config_value(:image)}' could not be found. Is this AMI availble in the provided region #{locate_config_value(:region)}?")
+          ui.error("The provided AMI value '#{config_value(:image)}' could not be found. Is this AMI availble in the provided region #{config_value(:region)}?")
           exit 1
         end
 
@@ -906,9 +637,9 @@ class Chef
         end
 
         if config[:associate_eip]
-          eips = connection.addresses.collect { |addr| addr if addr.domain == eip_scope }.compact
+          eips = ec2_connection.describe_addresses.addresses.collect { |addr| addr if addr.domain == eip_scope }.compact
 
-          unless eips.detect { |addr| addr.public_ip == config[:associate_eip] && addr.server_id.nil? }
+          unless eips.detect { |addr| addr.public_ip == config[:associate_eip] && addr.instance_id.nil? }
             ui.error("Elastic IP requested is not available.")
             exit 1
           end
@@ -936,7 +667,7 @@ class Chef
         end
 
         # Validation for security_group_ids passed through knife.rb/config.rb. It will raise error if values are not provided in Array.
-        if locate_config_value(:security_group_ids) && locate_config_value(:security_group_ids).class == String
+        if config_value(:security_group_ids) && config_value(:security_group_ids).class == String
           ui.error("Invalid value type for knife[:security_group_ids] in knife configuration file (i.e knife.rb/config.rb). Type should be array. e.g - knife[:security_group_ids] = ['sgroup1']")
           exit 1
         end
@@ -951,14 +682,14 @@ class Chef
           exit 1
         end
 
-        if locate_config_value(:ebs_encrypted)
+        if config_value(:ebs_encrypted)
           error_message = ""
           errors = []
           # validation for flavor and ebs_encrypted
-          if !locate_config_value(:flavor)
+          if !config_value(:flavor)
             ui.error("--ebs-encrypted option requires valid flavor to be specified.")
             exit 1
-          elsif locate_config_value(:ebs_encrypted) && ! %w{m3.medium m3.large m3.xlarge m3.2xlarge m4.large m4.xlarge
+          elsif config_value(:ebs_encrypted) && ! %w{m3.medium m3.large m3.xlarge m3.2xlarge m4.large m4.xlarge
                                              m4.2xlarge m4.4xlarge m4.10xlarge m4.16xlarge t2.nano t2.micro t2.small
                                              t2.medium t2.large t2.xlarge t2.2xlarge d2.xlarge d2.2xlarge d2.4xlarge
                                              d2.8xlarge c4.large c4.xlarge c4.2xlarge c4.4xlarge c4.8xlarge c3.large
@@ -966,19 +697,19 @@ class Chef
                                              r3.2xlarge r3.4xlarge r3.8xlarge r4.large r4.xlarge r4.2xlarge r4.4xlarge
                                              r4.8xlarge r4.16xlarge x1.16xlarge x1.32xlarge i2.xlarge i2.2xlarge i2.4xlarge
                                              i2.8xlarge i3.large i3.xlarge i3.2xlarge i3.4xlarge i3.8xlarge i3.16xlarge
-                                             f1.2xlarge f1.16xlarge g2.2xlarge g2.8xlarge p2.xlarge p2.8xlarge p2.16xlarge}.include?(locate_config_value(:flavor))
-            ui.error("--ebs-encrypted option is not supported for #{locate_config_value(:flavor)} flavor.")
+                                             f1.2xlarge f1.16xlarge g2.2xlarge g2.8xlarge p2.xlarge p2.8xlarge p2.16xlarge}.include?(config_value(:flavor))
+            ui.error("--ebs-encrypted option is not supported for #{config_value(:flavor)} flavor.")
             exit 1
           end
 
           # validation for ebs_size and ebs_volume_type and ebs_encrypted
-          if !locate_config_value(:ebs_size)
+          if !config_value(:ebs_size)
             errors << "--ebs-encrypted option requires valid --ebs-size to be specified."
-          elsif (locate_config_value(:ebs_volume_type) == "gp2") && ! locate_config_value(:ebs_size).to_i.between?(1, 16384)
+          elsif (config_value(:ebs_volume_type) == "gp2") && ! config_value(:ebs_size).to_i.between?(1, 16384)
             errors << "--ebs-size should be in between 1-16384 for 'gp2' ebs volume type."
-          elsif (locate_config_value(:ebs_volume_type) == "io1") && ! locate_config_value(:ebs_size).to_i.between?(4, 16384)
+          elsif (config_value(:ebs_volume_type) == "io1") && ! config_value(:ebs_size).to_i.between?(4, 16384)
             errors << "--ebs-size should be in between 4-16384 for 'io1' ebs volume type."
-          elsif (locate_config_value(:ebs_volume_type) == "standard") && ! locate_config_value(:ebs_size).to_i.between?(1, 1024)
+          elsif (config_value(:ebs_volume_type) == "standard") && ! config_value(:ebs_size).to_i.between?(1, 1024)
             errors << "--ebs-size should be in between 1-1024 for 'standard' ebs volume type."
           end
 
@@ -988,23 +719,25 @@ class Chef
           end
         end
 
-        if locate_config_value(:spot_price) && locate_config_value(:disable_api_termination)
+        if config_value(:spot_price) && config_value(:disable_api_termination)
           ui.error("spot-price and disable-api-termination options cannot be passed together as 'Termination Protection' cannot be enabled for spot instances.")
           exit 1
         end
 
-        if locate_config_value(:spot_price).nil? && !locate_config_value(:spot_wait_mode).casecmp("prompt").zero?
-          ui.error("spot-wait-mode option requires that a spot-price option is set.")
-          exit 1
+        if config_value(:spot_price).nil? && config_value(:spot_wait_mode)
+          if !(config_value(:spot_wait_mode).casecmp("prompt") == 0)
+            ui.error("spot-wait-mode option requires that a spot-price option is set.")
+            exit 1
+          end
         end
 
-        volume_tags = locate_config_value(:volume_tags)
+        volume_tags = config_value(:volume_tags)
         if !volume_tags.nil? && (volume_tags.length != volume_tags.to_s.count("="))
           ui.error("Volume Tags should be entered in a key = value pair")
           exit 1
         end
 
-        if locate_config_value(:winrm_password).to_s.length > 14
+        if winrm? && config_value(:connection_password).to_s.length > 14
           ui.warn("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
           password_promt = STDIN.gets.chomp.upcase
           if password_promt == "N"
@@ -1016,17 +749,17 @@ class Chef
           end
         end
 
-        if locate_config_value(:tag_node_in_chef)
+        if config_value(:tag_node_in_chef)
           ui.warn("[DEPRECATED] --tag-node-in-chef option is deprecated. Use --chef-tag option instead.")
         end
 
-        if locate_config_value(:tags)
+        if config_value(:tags)
           ui.warn("[DEPRECATED] --tags option is deprecated. Use --aws-tag option instead.")
         end
       end
 
       def tags
-        tags = locate_config_value(:tags) || locate_config_value(:aws_tag)
+        tags = config_value(:tags) || config_value(:aws_tag)
         if !tags.nil? && (tags.length != tags.to_s.count("="))
           ui.error("AWS Tags should be entered in a key = value pair")
           exit 1
@@ -1044,12 +777,12 @@ class Chef
 
       def ssl_config_user_data
         user_related_commands = ""
-        winrm_user = locate_config_value(:winrm_user).split("\\")
-        if (winrm_user[0] == ".") || (winrm_user[0] == "") || (winrm_user.length == 1)
+        user = connection_user.split("\\")
+        if (user[0] == ".") || (user[0] == "") || (user.length == 1)
           user_related_commands = <<~EOH
-            net user /add #{locate_config_value(:winrm_user).delete('.\\')} #{windows_password} #{@allow_long_password};
-            net localgroup Administrators /add #{locate_config_value(:winrm_user).delete('.\\')};
-        EOH
+            net user /add #{connection_user.delete('.\\')} #{windows_password} #{@allow_long_password};
+            net localgroup Administrators /add #{connection_user.delete('.\\')};
+          EOH
         end
         <<~EOH
           #{user_related_commands}
@@ -1096,11 +829,11 @@ class Chef
           $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
           iex $create_listener_cmd
           netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-EOH
+        EOH
       end
 
       def ssl_config_data_already_exist?
-        File.read(locate_config_value(:aws_user_data)).gsub(/\\\\/, "\\").include? ssl_config_user_data.strip
+        File.read(config_value(:aws_user_data)).gsub(/\\\\/, "\\").include? ssl_config_user_data.strip
       end
 
       def process_user_data(script_lines)
@@ -1122,80 +855,99 @@ EOH
         script_lines
       end
 
-      def create_server_def
-        server_def = {
-          image_id: locate_config_value(:image),
-          groups: config[:security_groups],
-          flavor_id: locate_config_value(:flavor),
-          key_name: locate_config_value(:ssh_key_name),
-          availability_zone: locate_config_value(:availability_zone),
-          price: locate_config_value(:spot_price),
-          request_type: locate_config_value(:spot_request_type),
+      # base64-encoded text
+      def encode_data(text)
+        require "base64"
+        Base64.encode64(text)
+      end
+
+      def spot_instances_attributes
+        attributes = {
+          instance_count: 1,
+          launch_specification: server_attributes,
+          spot_price: config_value(:spot_price),
+          type: config_value(:spot_request_type),
         }
+      end
 
-        if primary_eni = locate_config_value(:primary_eni)
-          server_def[:network_interfaces] = [
-            {
-              NetworkInterfaceId: primary_eni,
-              DeviceIndex: "0",
-            }
-          ]
+      def server_attributes
+        attributes = {
+          image_id: config_value(:image),
+          instance_type: config_value(:flavor),
+          groups: config[:security_groups],
+          key_name: config_value(:ssh_key_name),
+          max_count: 1,
+          min_count: 1,
+          placement: {
+            availability_zone: config_value(:availability_zone),
+          },
+        }
+        network_attrs = {}
+        if primary_eni = config_value(:primary_eni)
+          network_attrs[:network_interface_id] = primary_eni
+          network_attrs[:device_index] = 0
         else
-          server_def[:security_group_ids] = locate_config_value(:security_group_ids)
-          server_def[:subnet_id] = locate_config_value(:subnet_id) if vpc_mode?
+          attributes[:security_group_ids] = config_value(:security_group_ids)
+          network_attrs[:subnet_id] = config_value(:subnet_id) if vpc_mode?
+        end
+
+        if vpc_mode?
+          network_attrs[:groups] = attributes[:security_group_ids]
+          network_attrs[:private_ip_address] = config_value(:private_ip_address)
+          network_attrs[:associate_public_ip_address] = config_value(:associate_public_ip) if config[:associate_public_ip]
+        end
+
+        if network_attrs.length > 0
+          attributes[:network_interfaces] = [network_attrs]
         end
 
-        server_def[:private_ip_address] = locate_config_value(:private_ip_address) if vpc_mode?
-        server_def[:placement_group] = locate_config_value(:placement_group)
-        server_def[:iam_instance_profile_name] = locate_config_value(:iam_instance_profile)
-        server_def[:tenancy] = "dedicated" if vpc_mode? && locate_config_value(:dedicated_instance)
-        server_def[:associate_public_ip] = locate_config_value(:associate_public_ip) if vpc_mode? && config[:associate_public_ip]
+        attributes[:placement][:group_name] = config_value(:placement_group)
+        attributes[:placement][:tenancy] = "dedicated" if vpc_mode? && config_value(:dedicated_instance)
+        attributes[:iam_instance_profile] = {}
+        attributes[:iam_instance_profile][:name] = config_value(:iam_instance_profile)
 
-        if locate_config_value(:winrm_transport) == "ssl"
-          if locate_config_value(:aws_user_data)
+        if config_value(:winrm_ssl)
+          if config_value(:aws_user_data)
             begin
-              user_data = File.readlines(locate_config_value(:aws_user_data))
+              user_data = File.readlines(config_value(:aws_user_data))
               if config[:create_ssl_listener]
                 user_data = process_user_data(user_data)
               end
               user_data = user_data.join
-              server_def.merge!(user_data: user_data)
+              attributes.merge!(user_data: encode_data(user_data))
             rescue
-              ui.warn("Cannot read #{locate_config_value(:aws_user_data)}: #{$!.inspect}. Ignoring option.")
+              ui.warn("Cannot read #{config_value(:aws_user_data)}: #{$!.inspect}. Ignoring option.")
             end
           else
             if config[:create_ssl_listener]
-              server_def[:user_data] = "<powershell>\n" + ssl_config_user_data + "</powershell>\n"
+              attributes[:user_data] = encode_data("<powershell>\n" + ssl_config_user_data + "</powershell>\n")
             end
           end
         else
-          if locate_config_value(:aws_user_data)
+          if config_value(:aws_user_data)
             begin
-              server_def.merge!(user_data: File.read(locate_config_value(:aws_user_data)))
+              user_data = File.read(config_value(:aws_user_data))
+              attributes.merge!(user_data: encode_data(user_data))
             rescue
-              ui.warn("Cannot read #{locate_config_value(:aws_user_data)}: #{$!.inspect}. Ignoring option.")
+              ui.warn("Cannot read #{config_value(:aws_user_data)}: #{$!.inspect}. Ignoring option.")
             end
           end
         end
 
-        if config[:ebs_optimized]
-          server_def[:ebs_optimized] = "true"
-        else
-          server_def[:ebs_optimized] = "false"
-        end
+        attributes[:ebs_optimized] = !!config_value(:ebs_optimized)
 
         if ami.root_device_type == "ebs"
-          if locate_config_value(:ebs_encrypted)
-            ami_map = ami.block_device_mapping[1]
+          if config_value(:ebs_encrypted)
+            ami_map = ami.block_device_mappings[1]
           else
-            ami_map = ami.block_device_mapping.first
+            ami_map = ami.block_device_mappings.first
           end
 
           ebs_size = begin
                        if config[:ebs_size]
                          Integer(config[:ebs_size]).to_s
                        else
-                         ami_map["volumeSize"].to_s
+                         ami_map.ebs.volume_size.to_s if ami_map.ebs.respond_to?(:volume_size)
                        end
                      rescue ArgumentError
                        puts "--ebs-size must be an integer"
@@ -1205,13 +957,13 @@ EOH
           delete_term = if config[:ebs_no_delete_on_term]
                           "false"
                         else
-                          ami_map["deleteOnTermination"]
+                          ami_map.ebs.delete_on_termination if ami_map.ebs.respond_to?(:delete_on_termination)
                         end
           iops_rate = begin
                         if config[:ebs_provisioned_iops]
                           Integer(config[:ebs_provisioned_iops]).to_s
                         else
-                          ami_map["iops"].to_s
+                          ami_map.ebs.iops.to_s if ami_map.ebs.respond_to?(:iops)
                         end
                       rescue ArgumentError
                         puts "--provisioned-iops must be an integer"
@@ -1219,32 +971,69 @@ EOH
                         exit 1
                       end
 
-          server_def[:block_device_mapping] =
+          attributes[:block_device_mappings] =
             [{
-               "DeviceName" => ami_map["deviceName"],
-               "Ebs.VolumeSize" => ebs_size,
-               "Ebs.DeleteOnTermination" => delete_term,
-               "Ebs.VolumeType" => config[:ebs_volume_type],
+               device_name: ami_map.device_name,
+               ebs: {
+                  delete_on_termination: delete_term,
+                  volume_size: ebs_size,
+                  volume_type: config[:ebs_volume_type], # accepts standard, io1, gp2, sc1, st1
+                },
              }]
-          server_def[:block_device_mapping].first["Ebs.Iops"] = iops_rate unless iops_rate.empty?
-          server_def[:block_device_mapping].first["Ebs.Encrypted"] = true if locate_config_value(:ebs_encrypted)
+          attributes[:block_device_mappings][0][:ebs][:iops] = iops_rate unless iops_rate.nil? || iops_rate.empty?
+          attributes[:block_device_mappings][0][:ebs][:encrypted] = true if config_value(:ebs_encrypted)
         end
 
-        (config[:ephemeral] || []).each_with_index do |device_name, i|
-          server_def[:block_device_mapping] = (server_def[:block_device_mapping] || []) << { "VirtualName" => "ephemeral#{i}", "DeviceName" => device_name }
+        if config[:ephemeral] && config[:ephemeral].length > 0
+          ephemeral_blocks = []
+          config[:ephemeral].each_with_index do |device_name, i|
+            ephemeral_blocks << { virtual_name: "ephemeral#{i}", device_name: device_name }
+          end
+          attributes[:block_device_mappings] += ephemeral_blocks
         end
 
         ## cannot pass disable_api_termination option to the API when using spot instances ##
-        server_def[:disable_api_termination] = locate_config_value(:disable_api_termination) if locate_config_value(:spot_price).nil?
+        attributes[:disable_api_termination] = config_value(:disable_api_termination) if config_value(:spot_price).nil?
+
+        attributes[:instance_initiated_shutdown_behavior] = config_value(:instance_initiated_shutdown_behavior)
+        attributes[:chef_tag] = config_value(:chef_tag)
+        attributes
+      end
+
+      def create_ec2_instance(attributes)
+        ec2_connection.run_instances(attributes)
+      end
+
+      def spot_instances_wait_until_ready(spot_request_id)
+        ec2_connection.wait_until(
+          :spot_instance_request_fulfilled,
+          spot_instance_request_ids: [spot_request_id]
+        ).spot_instance_requests[0]
+      rescue Aws::Waiters::Errors::WaiterFailed => error
+        puts "failed waiting for spot request fulfill: #{error.message}"
+      end
 
-        server_def[:instance_initiated_shutdown_behavior] = locate_config_value(:instance_initiated_shutdown_behavior)
-        server_def[:chef_tag] = locate_config_value(:chef_tag)
-        server_def
+      def instances_wait_until_ready(instance_id)
+        ec2_connection.wait_until(:instance_running, instance_ids: [instance_id]) do |w|
+          w.max_attempts = max_attempts
+        end
+      rescue Aws::Waiters::Errors::WaiterFailed => error
+        puts "failed waiting for instance running: #{error.message}"
+      end
+
+      def max_attempts
+        delay = 15 # Default Delay for waiter
+        attempts = 40 # Default max attempts for waiter
+
+        if config_value(:aws_connection_timeout)
+          attempts = (config_value(:aws_connection_timeout).to_f / delay).to_i
+        end
+        attempts
       end
 
       def wait_for_sshd(hostname)
         ssh_gateway = get_ssh_gateway_for(hostname)
-        ssh_gateway ? wait_for_tunnelled_sshd(ssh_gateway, hostname) : wait_for_direct_sshd(hostname, config[:ssh_port])
+        ssh_gateway ? wait_for_tunnelled_sshd(ssh_gateway, hostname) : wait_for_direct_sshd(hostname, connection_port)
       end
 
       def get_ssh_gateway_for(hostname)
@@ -1294,7 +1083,7 @@ EOH
       def tunnel_test_ssh(ssh_gateway, hostname, &block)
         status = false
         gateway = configure_ssh_gateway(ssh_gateway)
-        gateway.open(hostname, config[:ssh_port]) do |local_tunnel_port|
+        gateway.open(hostname, connection_port) do |local_tunnel_port|
           status = tcp_test_ssh("localhost", local_tunnel_port, &block)
         end
         status
@@ -1322,7 +1111,7 @@ EOH
 
         # Use the keys specificed on the command line if available (overrides SSH Config)
         if config[:ssh_gateway_identity]
-          gateway_keys = Array(locate_config_value(:ssh_gateway_identity))
+          gateway_keys = Array(config_value(:ssh_gateway_identity))
         end
 
         unless gateway_keys.nil?
@@ -1345,12 +1134,15 @@ EOH
         end
       end
 
+      # @return [Boolean]
       def subnet_public_ip_on_launch?
-        connection.subnets.get(server.subnet_id).map_public_ip_on_launch
+        return false unless server.subnet_id
+        subnet = fetch_subnet(server.subnet_id)
+        subnet.map_public_ip_on_launch
       end
 
-      def ssh_connect_host
-        unless @ssh_connect_host
+      def connection_host
+        unless @connection_host
           if config[:server_connect_attribute]
             connect_attribute = config[:server_connect_attribute]
             server.send(config[:server_connect_attribute])
@@ -1358,52 +1150,74 @@ EOH
             connect_attribute = "private_ip_address"
             server.private_ip_address
           else
-            connect_attribute = server.dns_name ? "dns_name" : "public_ip_address"
+            connect_attribute = server.public_dns_name ? "public_dns_name" : "public_ip_address"
             server.send(connect_attribute)
           end
-          @ssh_connect_host = server.send(connect_attribute)
+          @connection_host = server.send(connect_attribute)
         end
 
-        puts "\nSSH Target Address: #{@ssh_connect_host}(#{connect_attribute})"
-        @ssh_connect_host
+        puts "\nSSH Target Address: #{@connection_host}(#{connect_attribute})"
+        @connection_host
       end
 
       def create_tags(hashed_tags)
+        request_tags = []
         hashed_tags.each_pair do |key, val|
-          connection.tags.create key: key, value: val, resource_id: @server.id
+          request_tags << { key: key, value: val }
+        end
+
+        if request_tags.length > 0
+          ec2_connection.create_tags(tags: request_tags, resources: [server.id])
         end
       end
 
-      def associate_eip(elastic_ip)
-        connection.associate_address(server.id, elastic_ip.public_ip, nil, elastic_ip.allocation_id)
-        @server.wait_for(locate_config_value(:aws_connection_timeout)) { public_ip_address == elastic_ip.public_ip }
+      def create_volume_tags(hashed_volume_tags)
+        request_tags = []
+        hashed_volume_tags.each_pair do |key, val|
+          request_tags << { key: key, value: val }
+        end
+
+        if request_tags.length > 0
+          ec2_connection.create_tags(tags: request_tags, resources: [server.volume_id])
+        end
+      end
+
+      def associate_address(elastic_ip)
+        ec2_connection.associate_address({
+          allocation_id: elastic_ip.allocation_id,
+          instance_id: server.id,
+          public_ip: elastic_ip.public_ip,
+        })
       end
 
       def validate_nics!
-        valid_nic_ids = connection.network_interfaces.all(
-          vpc_mode? ? { "vpc-id" => vpc_id } : {}
-        ).map(&:network_interface_id)
-        invalid_nic_ids =
-          locate_config_value(:network_interfaces) - valid_nic_ids
+        params = {}
+        if vpc_mode?
+          network_attrs = { name: "vpc_id", value: [vpc_id] }
+          params["filters"] = [network_attrs]
+        end
+
+        interfaces = ec2_connection.describe_network_interfaces(params)
+        valid_nic_ids = interfaces.network_interfaces.map(&:network_interface_id)
+        invalid_nic_ids = config_value(:network_interfaces) - valid_nic_ids
+
         return true if invalid_nic_ids.empty?
+
         ui.error "The following network interfaces are invalid: " \
           "#{invalid_nic_ids.join(', ')}"
         exit 1
       end
 
       def vpc_id
-        @vpc_id ||= begin
-          connection.subnets.get(locate_config_value(:subnet_id)).vpc_id
-        end
+        @vpc_id ||= fetch_subnet(locate_config_value(:subnet_id)).vpc_id
       end
 
       def wait_for_nic_attachment
         attached_nics_count = 0
-        until attached_nics_count ==
-            locate_config_value(:network_interfaces).count
+        until attached_nics_count == config_value(:network_interfaces).count
           attachment_nics =
             locate_config_value(:network_interfaces).map do |nic_id|
-              connection.network_interfaces.get(nic_id).attachment["status"]
+              fetch_network_interfaces(nic_id).attachment.status
             end
           attached_nics_count = attachment_nics.grep("attached").count
         end
@@ -1412,41 +1226,23 @@ EOH
       def attach_nics
         attachments = []
         config[:network_interfaces].each_with_index do |nic_id, index|
-          attachments << connection.attach_network_interface(nic_id,
-                                                             server.id,
-                                                             index + 1).body
+          attachments << ec2_connection.attach_network_interface({
+            device_index: index + 1,
+            instance_id: server.id,
+            network_interface_id: nic_id,
+          })
         end
         wait_for_nic_attachment
-        # rubocop:disable Style/RedundantReturn
-        return attachments
-        # rubocop:enable Style/RedundantReturn
-      end
 
-      def enable_classic_link(vpc_id, security_group_ids)
-        connection.attach_classic_link_vpc(server.id, vpc_id, security_group_ids)
+        attachments
       end
 
-      def ssh_override_winrm
-        # unchanged ssh_user and changed winrm_user, override ssh_user
-        if locate_config_value(:ssh_user).eql?(options[:ssh_user][:default]) &&
-            !locate_config_value(:winrm_user).eql?(options[:winrm_user][:default])
-          config[:ssh_user] = locate_config_value(:winrm_user)
-        end
-        # unchanged ssh_port and changed winrm_port, override ssh_port
-        if locate_config_value(:ssh_port).eql?(options[:ssh_port][:default]) &&
-            !locate_config_value(:winrm_port).eql?(options[:winrm_port][:default])
-          config[:ssh_port] = locate_config_value(:winrm_port)
-        end
-        # unset ssh_password and set winrm_password, override ssh_password
-        if locate_config_value(:ssh_password).nil? &&
-            !locate_config_value(:winrm_password).nil?
-          config[:ssh_password] = locate_config_value(:winrm_password)
-        end
-        # unset identity_file and set kerberos_keytab_file, override identity_file
-        if locate_config_value(:identity_file).nil? &&
-            !locate_config_value(:kerberos_keytab_file).nil?
-          config[:identity_file] = locate_config_value(:kerberos_keytab_file)
-        end
+      def enable_classic_link(vpc_id, security_group_ids)
+        ec2_connection.attach_classic_link_vpc({
+          instance_id: server.id,
+          groups: security_group_ids,
+          vpc_id: vpc_id,
+        })
       end
 
       def tcp_test_winrm(ip_addr, port)
@@ -1515,22 +1311,20 @@ EOH
 
       def check_windows_password_available(server_id)
         sleep 10
-        response = connection.get_password_data(server_id)
-        if not response.body["passwordData"]
-          return false
-        end
-        response.body["passwordData"]
+        response = fetch_password_data(server_id)
+        return false unless response.password_data
+        true
       end
 
       def windows_password
-        if not locate_config_value(:winrm_password)
-          if locate_config_value(:identity_file)
-            if @server
+        if not config_value(:connection_password)
+          if config_value(:ssh_identity_file)
+            if server
               print "\n#{ui.color("Waiting for Windows Admin password to be available: ", :magenta)}"
-              print(".") until check_windows_password_available(@server.id) { puts("done") }
-              response = connection.get_password_data(@server.id)
-              data = File.read(locate_config_value(:identity_file))
-              config[:winrm_password] = decrypt_admin_password(response.body["passwordData"], data)
+              print(".") until check_windows_password_available(server.id) { puts("done") }
+              response = fetch_password_data(server.id)
+              data = File.read(locate_config_value(:ssh_identity_file))
+              config[:connection_password] = decrypt_admin_password(response.password_data, data)
             else
               print "\n#{ui.color("Fetchig instance details: \n", :magenta)}"
             end
@@ -1539,30 +1333,111 @@ EOH
             exit 1
           end
         else
-          locate_config_value(:winrm_password)
+          config_value(:connection_password)
         end
       end
 
-      def load_winrm_deps
-        require "winrm"
-        require "chef/knife/winrm"
-        require "chef/knife/bootstrap_windows_winrm"
-        require "chef/knife/bootstrap_windows_ssh"
-        require "chef/knife/core/windows_bootstrap_context"
-      end
-
       # Returns the name of node after evaluation of server id if %s is present.
       # Eg: "Test-%s" will return "Test-i-12345"  in case the instance id is i-12345
       def evaluate_node_name(node_name)
         node_name % server.id
       end
 
-      def create_volume_tags(hashed_volume_tags)
-        hashed_volume_tags.each_pair do |key, val|
-          connection.tags.create key: key, value: val, resource_id: @server.block_device_mapping.first["volumeId"]
+      # TODO: connection_protocol and connection_port used to choose winrm/ssh or 5985/22 based on the image chosen
+      def connection_port
+        port = config_value(:connection_port,
+                            knife_key_for_protocol(connection_protocol, :port))
+        return port if port
+
+        assign_default_port
+      end
+
+      # Set default port 5986 if winrm_ssl return true otherwise set it to 5985
+      # Set default port 22 for ssh protocol
+      # @return [Integer]
+      def assign_default_port
+        if winrm?
+          config_value(:winrm_ssl) ? 5986 : 5985
+        else
+          22
         end
       end
 
+      # url values override CLI flags, if you provide both
+      # we'll use the one that you gave in the URL.
+      def connection_protocol
+        return @connection_protocol if @connection_protocol
+
+        default_protocol = is_image_windows? ? "winrm" : "ssh"
+
+        from_url = host_descriptor =~ /^(.*):\/\// ? $1 : nil
+        from_cli = config[:connection_protocol]
+        from_knife = Chef::Config[:knife][:connection_protocol]
+        @connection_protocol = from_url || from_cli || from_knife || default_protocol
+      end
+
+      def connection_user
+        @connection_user ||= config_value(:connection_user, knife_key_for_protocol(connection_protocol, :user))
+      end
+
+      def server_name
+        return nil unless server
+        server.public_dns_name || server.private_dns_name || server.private_ip_address
+      end
+
+      alias host_descriptor server_name
+
+      # If we don't specify a security group or security group id, Fog will
+      # pick the appropriate default one. In case of a VPC we don't know the
+      # default security group id at this point unless we look it up, hence
+      # 'default' is printed if no id was specified.
+      def printed_security_groups
+        if server.groups
+          server.groups.join(", ")
+        else
+          "default"
+        end
+      end
+
+      def printed_security_group_ids
+        if server.security_group_ids
+          server.security_group_ids.join(", ")
+        else
+          "default"
+        end
+      end
+
+      def hashed_volume_tags
+        hvt = {}
+        volume_tags = config_value(:volume_tags)
+        volume_tags.map { |t| key, val = t.split("="); hvt[key] = val } unless volume_tags.nil?
+
+        hvt
+      end
+
+      def printed_volume_tags
+        hashed_volume_tags.map { |tag, val| "#{tag}: #{val}" }.join(", ")
+      end
+
+      def hashed_tags
+        ht = {}
+        tags.map { |t| key, val = t.split("="); ht[key] = val } unless tags.nil?
+
+        # Always set the Name tag
+        unless ht.keys.include? "Name"
+          if config_value(:chef_node_name)
+            ht["Name"] = evaluate_node_name(config_value(:chef_node_name))
+          else
+            ht["Name"] = server.id
+          end
+        end
+
+        ht
+      end
+
+      def printed_aws_tags
+        hashed_tags.map { |tag, val| "#{tag}: #{val}" }.join(", ")
+      end
     end
   end
 end