vominator 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 66a177e22bafb6bb313e6bb9f3438054424e194a
+  data.tar.gz: dfc070049d6062072a57dd3d76ba086f3204b802
+SHA512:
+  metadata.gz: 66a135ad654b22b8877e3eb6dbaf3a0998b10f55dfb59225591e61e3426153242b8ce0d4c3d5dd78fdcefaa1b8e70e6b8a8f6bd433107577cc22fd62652c4bc6
+  data.tar.gz: f6ed4717fcf783aa9d4215d3880874adcaf87a0bfa6f8937e2e6f0cad992faafc3a8ce2761fb5ad6d4546bba2a54b8b8607fe63ae2ebe3fe23357c73a38b3eb1

data/.gitignore

@@ -0,0 +1,25 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+*.swp
+.idea
+rspec.xml

data/.rspec

@@ -0,0 +1,5 @@
+--color
+--format documentation
+--format RspecJunitFormatter
+--out rspec.xml
+--require spec_helper

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in vominator.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Chris Kelly
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,116 @@
+# Vominator
+
+
+**NOTE** This is still in development, and for now depends on VPCs and such being setup by Vominator from the start. Documentation is still a WIP but the below should be enough to get someone going.
+
+A CLI utility for managing AWS resources from yaml templates. This allow you to define resources within a dev VPC, and replicate that to a QA/Staging/Prod VPC without any additional work.
+
+This CLI utility expects that your VPCs are setup in a specific way. You should use this tool to create a new VPC before launching resources into it.
+
+This CLI utility will require you to define resources via YAML files. This should be kept in a repo of yours. You can see https://github.com/digitaljanitors/sample-puke for a reference.
+
+
+## Installation
+
+See Usage for details about puke
+
+1. `$ gem install vominator`
+2. Create ~/.vominator.yaml
+```
+---
+access_key_id: AWS_SECRET_KEY
+secret_access_key: AWS_SECRET_ACCESS_KEY
+configuration_path: Location to puke
+key_pair_name: infrastructure@example.com
+```
+## Usage
+
+Everything with Vominator revolves around the concept of defining products. These products are a logical grouping of resources that describe how your product is deployed and accessed. These products are then associated with an environment so that you can quickly replicate resources between VPCs.
+
+You will want to create a directory somewhere on your file system that contains your "puke". This is the code that describes how your environment should be built. You can see an example repo here: https://github.com/digitaljanitors/sample-puke
+
+```
+├── config.yaml
+└── products
+    └── sample-api
+        ├── instances.yaml
+        └── security_groups.yaml
+```
+
+In short, under products you create a directory for each new product. Most likely you will have a base product that gets associated to every VPC. You would then create an instances.yaml and security_groups.yaml file that describes everything you want as your base. This would generally be a jumpbox and/or VPN server, and possibly groups such as outbound-connections. config.yaml will be generated for you by vominator using the vpc creation command.
+
+**This repo should be checked in to your own revision control system.**
+
+### Creating your VPCs
+
+Vominator should be used to bootstrap and build your VPCs that will be managed.
+
+This will do the following...
+* Create a VPC using the specified /16 network block within the specified region.
+* Create a route53 zone equal to ${environment}.${parent-domain}. If we cannot find the parent domains zone file in route53 you will be prompted with the approriate details to configure your parent zone file.
+* Create an IGW device
+
+For each specified or auto detected availability zone for the account this will do several things...
+* Create a public /24 subnet starting at 10.x.1.0/24
+* Create a private /24 subnet started at 10.x.11.0/24
+* Create a NAT gateway device for the AZ and configure a routing table for that zone.
+
+Vominator will then output a block of YAML that can be put into your puke specific config.yaml.
+
+```
+$ vominate vpc create -h
+Usage: vominate vpc create [options]
+    -e, --environment ENVIRONMENT    REQUIRED: The environment which you want to create a VPC for. IE foo
+        --region Region              REQUIRED: The AWS Region that you want to create the VPC in. IE us-east-1
+        --availability-zones AVAILABILITY ZONES
+                                     OPTIONAL: A comma delimited list of specific availability zones that you want to prepare. If you don't specify then we will use all that are available. IE us-east-1c,us-east-1d,us-east-1e
+        --parent-domain PARENT DOMAIN
+                                     REQUIRED: The parent domain name that will be used to create a seperate subdomain zone file for the new environment. IE, if you provide foo.org and your environment as bar, this will yield a new Route 53 zone file called bar.foo.org
+        --cidr-block CIDR Block      REQUIRED: The network block for the new environment. This must be a /16 and the second octet should be unique for this environment. IE. 10.123.0.0/16
+    -d, --debug                      OPTIONAL: debug output
+    -h, --help                       OPTIONAL: Display this screen 
+```
+
+### Managing your security groups
+Security groups get defined in your security_groups.yaml file for each product. You can reference the sample puke to get an idea of whats possible.
+
+```
+$ vominate ec2 security_groups -h
+Usage: vominate ec2 security_groups [options]
+    -p, --product PRODUCT            REQUIRED: The product which you want to manage security groups for
+    -e, --environment ENVIRONMENT    REQUIRED: The environment which you want to manage security groups for
+        --security-groups GROUPS     OPTIONAL: Comma Delimited list of security groups
+        --delete                     Enable Deletions. This should be used with care
+    -t, --test                       OPTIONAL: Test run. Show what would be changed without making any actual changes
+    -l, --list                       OPTIONAL: List out products and environments
+        --verbose                    OPTIONAL: Show all security group rules in tables
+    -d, --debug                      OPTIONAL: debug output
+    -h, --help                       OPTIONAL: Display this screen
+
+```
+### Managing your instances
+Instances are managed in your instances.yaml file for each product. You can reference the sample puke to get an idea of whats possible.
+```
+$ vominate instances -h
+Usage: vominate instance [options]
+    -p, --product PRODUCT            REQUIRED: The product which you want to manage instances for
+    -e, --environment ENVIRONMENT    REQUIRED: The environment which you want to manage instances for
+    -s, --servers SERVERS            OPTIONAL: Comma Delimited list of servers that you want to manage instances for
+    -t, --test                       OPTIONAL: Test run. Show what would be changed without making any actual changes
+        --fix-security-groups        OPTIONAL: Fix an instances security groups
+        --disable-term-protection    OPTIONAL: This will disable termination protection on the targeted instances
+        --terminate                  OPTIONAL: This will terminate the specified instances. Must be combined with -s
+        --rebuild                    OPTIONAL: This will terminate and relaunch the specified instances. Must be combined with -s
+    -l, --list                       OPTIONAL: List out products and environments
+    -d, --debug                      OPTIONAL: debug output
+    -h, --help                       OPTIONAL: Display this screen
+```
+
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/vominator/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,12 @@
+require "bundler/gem_tasks"
+
+begin
+  require 'rspec/core/rake_task'
+
+  RSpec::Core::RakeTask.new(:spec)
+
+  task :default => :spec
+rescue LoadError
+  # no rspec available
+end
+

data/bin/vominate

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+aws_module = ARGV[0] || nil
+
+case aws_module
+when 'ec2'
+  require_relative '../lib/ec2'
+when 'vpc'
+  require_relative '../lib/vpc'
+else
+  puts 'Module not found. Currently supported modules are: ec2 vpc'
+end

data/circle.yml

@@ -0,0 +1,5 @@
+machine:
+  ruby:
+    version: 2.1.2
+  environment:
+    VOMINATOR_CONFIG: test/vominator.yaml

data/lib/ec2.rb

@@ -0,0 +1,12 @@
+vominator_module = ARGV[1] || nil
+
+case vominator_module
+when 'instances'
+  require_relative '../lib/ec2/instances'
+when 'ssm'
+  require_relative '../lib/ec2/ssm'
+when 'security_groups'
+  require_relative '../lib/ec2/security_groups'
+else
+  puts 'Module not found. Currently supported modules are: instances, ssm, security_groups'
+end

data/lib/ec2/instances.rb

@@ -0,0 +1,362 @@
+#!/usr/bin/env ruby
+require 'optparse'
+require 'colored'
+require_relative '../vominator/constants'
+require_relative '../vominator/aws'
+require_relative '../vominator/ec2'
+require_relative '../vominator/instances'
+require_relative '../vominator/route53'
+require_relative '../vominator/ssm'
+
+options = {}
+
+OptionParser.new do |opts|
+  opts.banner = 'Usage: vominate instance [options]'.yellow
+
+  opts.on('-pPRODUCT', '--product PRODUCT', 'REQUIRED: The product which you want to manage instances for') do |value|
+    options[:product] = value
+  end
+
+  opts.on('-eENVIRONMENT', '--environment ENVIRONMENT', 'REQUIRED: The environment which you want to manage instances for') do |value|
+    options[:environment] = value
+  end
+
+  opts.on('-sSERVERS', '--servers SERVERS', 'OPTIONAL: Comma Delimited list of servers that you want to manage instances for') do |value|
+    options[:servers] = value.split(',')
+  end
+
+  opts.on('-t', '--test', 'OPTIONAL: Test run. Show what would be changed without making any actual changes') do
+    options[:test] = true
+  end
+
+  opts.on('--fix-security-groups', 'OPTIONAL: Fix an instances security groups') do
+    options[:fix_security_groups] = true
+  end
+
+  opts.on('--disable-term-protection', 'OPTIONAL: This will disable termination protection on the targeted instances') do
+    options[:disable_term_protection] = true
+  end
+
+  opts.on('--terminate', 'OPTIONAL: This will terminate the specified instances.') do
+    options[:terminate] = true
+  end
+
+  opts.on('--rebuild', 'OPTIONAL: This will terminate and relaunch the specified instances.') do
+    options[:rebuild] = true
+  end
+  
+  opts.on('-l', '--list', 'OPTIONAL: List out products and environments') do
+    options[:list] = true
+  end
+
+  opts.on('-d', '--debug', 'OPTIONAL: debug output') do
+    options[:debug] = true
+  end
+
+  opts.on_tail(:NONE, '-h', '--help', 'OPTIONAL: Display this screen') do
+    puts opts
+    exit
+  end
+
+  begin
+    opts.parse!
+    throw Exception unless ((options.include? :environment) && (options.include? :product)) || options[:list]
+    if options[:terminate] || options[:rebuild]
+      throw Exception unless (options[:disable_term_protection])
+    end
+
+  rescue
+    puts opts
+    exit
+  end
+end
+
+TEST = options[:test]
+def test?(message)
+  LOGGER.test(message) if TEST
+  TEST
+end
+
+
+if options[:list]
+  data = {}
+  PUKE_CONFIG.keys.each do |environment|
+    LOGGER.info "--#{environment}"
+    products = PUKE_CONFIG[environment]['products'] || Array.new
+    products.each do |product|
+      LOGGER.info "  --#{product}"
+    end
+  end
+  exit(1)
+end
+
+puke_config = Vominator.get_puke_variables(options[:environment])
+
+#TODO: Validate Environment and Product
+LOGGER.info("Working on #{options[:product]} in #{options[:environment]}.")
+
+
+unless test?('Vominator is running in test mode. It will NOT make any changes.')
+  LOGGER.warning('WARNING: Vominator will make changes to your environment. Please run test mode first if you are unsure.')
+  unless Vominator.yesno?(prompt: 'Do you wish to proceed?', default: false)
+    exit(1)
+  end
+end
+
+if options[:servers]
+  instances = Vominator::Instances.get_instances(options[:environment], options[:product], options[:servers])
+else
+  instances = Vominator::Instances.get_instances(options[:environment], options[:product], false)
+end
+
+unless instances
+  LOGGER.fatal('Unable to load instances. Make sure the product is correctly defined for the environment you have selected.')
+end
+
+#Get ec2 connection, which is then passed to specific functions. Maybe a better way to do this?
+ec2 = Aws::EC2::Resource.new(region: puke_config['region_name'])
+ec2_client = Aws::EC2::Client.new(region: puke_config['region_name'])
+
+#Get some basic metadata about our existing instances in the account. Maybe look for ways to filter this for faster API response.
+ec2_instances = Vominator::EC2.get_instances(ec2)
+
+#Get route53 connection which is then passed to specific functions. Maybe a better way to do this?
+r53 = Aws::Route53::Client.new(region: puke_config['region_name'])
+
+#Get existing DNS entries for the zone.
+route53_records = Vominator::Route53.get_records(r53, puke_config['zone'])
+
+#Get SSM connection
+ssm = Aws::SSM::Client.new(region: puke_config['region_name'])
+
+#Get existing Subnets for the VPC
+existing_subnets = Vominator::EC2.get_subnets(ec2, puke_config['vpc_id'])
+
+#Get existing Security Groups for the VPC
+vpc_security_groups = Vominator::EC2.get_security_group_name_ids_hash(ec2, puke_config['vpc_id'])
+
+instances.each do |instance|
+  hostname = instance.keys[0]
+  fqdn = "#{hostname}.#{puke_config['domain']}"
+  instance_type = instance['type'][options[:environment]]
+  instance_ip = instance['ip'].sub('OCTET',puke_config['octet'])
+  instance_security_groups = instance['security_groups'].map { |sg| sg}.uniq.sort
+  ebs_optimized = instance['ebs_optimized'].nil? ? false : instance['ebs_optimized']
+  source_dest_check = instance['source_dest_check'].nil? ? true : instance['source_dest_check']
+  instance_ebs_volumes = instance['ebs'].nil? ? [] : instance['ebs']
+  key_name = Vominator.get_key_pair(VOMINATOR_CONFIG)
+  ssm_documents = instance['ssm_documents'].nil? ? [] : instance['ssm_documents']
+
+  LOGGER.info("Working on #{fqdn}")
+
+  if instance['environment'] && !instance['environment'].include?(options[:environment])
+    LOGGER.info("#{fqdn} is not marked for deployment in #{options[:environment]}")
+    next
+  end
+
+  if instance_type.nil?
+    LOGGER.error("No instance size definition for #{fqdn}")
+    next
+  end
+
+  if instance['ami']
+    ami = instance['ami']
+  else
+    ami = Vominator::EC2.get_ami(puke_config,instance_type,instance['family'])
+  end
+
+  #Check to see if the subnet exists for the instance. If not we should create it.
+  subnet = "#{instance_ip.rpartition('.')[0]}.0/24"
+  unless existing_subnets[subnet]
+    unless test?("Would create a subnet for #{subnet} in #{instance['az']} and associate with the appropriate routing table")
+      existing_subnets[subnet] = Vominator::EC2.create_subnet(ec2, subnet, instance['az'], puke_config['vpc_id'], puke_config['route_tables'][instance['az']])
+      LOGGER.success("Created #{subnet} in #{instance['az']} for #{fqdn}")
+    end
+  end
+
+  #If the instance exists, perform verification and other tasks on that instance
+  if ec2_instances[instance_ip]
+
+    ec2_instance = Vominator::EC2.get_instance(ec2, ec2_instances[instance_ip][:instance_id])
+    ec2_instance_security_groups = ec2_instances[instance_ip][:security_groups].uniq.sort
+    ec2_instance_ebs_volumes = Vominator::EC2.get_instance_ebs_volumes(ec2, ec2_instances[instance_ip][:instance_id])
+
+    if options[:disable_term_protection]
+      unless test?("Would disable instance termination protection for #{fqdn}")
+        Vominator::EC2.set_termination_protection(ec2_client, ec2_instance.id, false)
+        LOGGER.success("Disabled instance termination protection for #{fqdn}")
+      end
+    else
+      unless Vominator::EC2.get_termination_protection(ec2_client, ec2_instance.id)
+        unless test?("Would enable instance termination protection for #{fqdn}")
+          Vominator::EC2.set_termination_protection(ec2_client, ec2_instance.id, true)
+          LOGGER.success("Enabled instance termination protection for #{fqdn}")
+        end
+      end
+    end
+
+    if options[:terminate] #check if the instance even exists?
+      unless test?("Would terminate #{fqdn}")
+        if Vominator::EC2.terminate_instance(ec2,ec2_instances[instance_ip][:instance_id])
+          LOGGER.success("Succesfully terminated #{fqdn}")
+          LOGGER.info('Performing Cleanup Tasks...')
+          if Vominator::Route53.delete_record(r53,puke_config['zone'],fqdn, instance_ip)
+            LOGGER.success("Removed DNS entry for #{fqdn}")
+          end
+        else
+          LOGGER.fatal("Failed to terminate #{fqdn}")
+        end
+        #TODO: Should include deleting chef client and node.
+      end
+      next
+    end
+
+    if options[:rebuild]
+      unless test?("Would rebuild #{fqdn}")
+        if Vominator::EC2.terminate_instance(ec2,ec2_instances[instance_ip][:instance_id])
+          LOGGER.success("Succesfully terminated #{fqdn}")
+          LOGGER.info("Triggering rebuild of #{fqdn}")
+          ec2_instances.delete(instance_ip)
+        else
+          LOGGER.fatal("Failed to terminate #{fqdn}")
+        end
+        #TODO: Should include deleting chef client and node.
+      end
+      options[:rebuild] = false
+      options[:disable_term_protection] = false
+      redo
+    end
+
+    if ec2_instance.instance_type != instance_type
+      unless test?("Would resize #{fqdn} from an #{ec2_instance.instance_type} to an #{instance_type}")
+        LOGGER.info("Resizing #{fqdn} from an #{ec2_instance.instance_type} to an #{instance_type}")
+        if Vominator::EC2.set_instance_type(ec2, ec2_instance.id, instance_type, fqdn) == instance_type
+          LOGGER.success("Succesfully resized #{fqdn} to #{instance_type}")
+        else
+          LOGGER.fatal("Failed to resize #{fqdn} to #{instance_type}")
+        end
+      end
+    end
+
+    if instance['eip'] && ec2_instance.public_ip_address.nil?
+      unless test?("Would create and associate a public IP for #{fqdn}")
+        LOGGER.info("Associating a public IP for #{fqdn}")
+        eip = Vominator::EC2.assign_public_ip(ec2_client, ec2_instance.id)
+        if eip
+          LOGGER.success("Successfully associated #{eip} to #{fqdn}")
+        else
+          LOGGER.fatal("An error occured associating a public IP for #{fqdn}")
+        end
+      end
+    elsif !instance['eip'] && ec2_instance.public_ip_address
+      unless test?("Would remove the elastic IP for #{fqdn}")
+        LOGGER.info("Removing public IP from #{fqdn}")
+        if Vominator::EC2.remove_public_ip(ec2_client, ec2_instance.id)
+          LOGGER.success("Successfully removed the public IP for #{fqdn}")
+        else
+          LOGGER.fatal("Failed to remove the public IP for #{fqdn}")
+        end
+      end
+    end
+
+    unless ec2_instance.source_dest_check == source_dest_check
+      unless test?("Would set the source_dest_check to #{source_dest_check}")
+        if Vominator::EC2.set_source_dest_check(ec2, ec2_instance.id, source_dest_check) == source_dest_check
+          LOGGER.success("Succesfully set source destination check to #{source_dest_check} for #{fqdn}")
+        else
+          LOGGER.fatal("Failed to set source destination check to #{source_dest_check} for #{fqdn}")
+        end
+      end
+    end
+
+    unless ec2_instance.ebs_optimized == ebs_optimized
+      unless test?("Would set EBS optimization to #{ebs_optimized}")
+        if Vominator::EC2.set_ebs_optimized(ec2, ec2_instance.id, ebs_optimized, fqdn) == ebs_optimized
+          LOGGER.success("Succesfully set EBS optimization to #{ebs_optimized} for #{fqdn}")
+        else
+          LOGGER.fatal("Failed to set EBS optimization to #{ebs_optimized} for #{fqdn}")
+        end
+      end
+    end
+
+    unless ec2_instance_security_groups == instance_security_groups
+      LOGGER.info("Security group mismatch detected for #{fqdn}")
+      sg_missing = instance_security_groups - ec2_instance_security_groups
+      sg_undefined = ec2_instance_security_groups - instance_security_groups
+
+      if sg_missing.count > 0
+        unless test?("Would add #{sg_missing.join(', ')} to #{fqdn}")
+          LOGGER.info("#{fqdn} is missing the following security groups: #{sg_missing.join(', ')}")
+          updated_groups = instance_security_groups - Vominator::EC2.set_security_groups(ec2, ec2_instance.id, instance_security_groups, vpc_security_groups)
+          if updated_groups.count > 0
+            LOGGER.fatal "Failed to set #{updated_groups.join(', ')} for #{fqdn}"
+          else
+            LOGGER.success "Succesfully set security groups for #{fqdn}"
+          end
+        end
+      end
+
+      if sg_undefined.count > 0
+        unless test?("Would remove #{sg_undefined.join(', ')} from #{fqdn}")
+          LOGGER.warning("#{fqdn} has the following extra security groups: #{sg_undefined.join(', ')}. You will be prompted to remove these.")
+          if Vominator.yesno?(prompt: 'Is it safe to remove these groups?', default: false)
+            if Vominator::EC2.set_security_groups(ec2, ec2_instance.id, instance_security_groups, vpc_security_groups, false) == instance_security_groups
+              LOGGER.success("Succesfully updated the security groups for #{fqdn}")
+            else
+              LOGGER.fatal("Failed to remove security groups from #{fqdn}")
+            end
+          end
+        end
+      end
+    end
+
+    instance_ebs_volumes.each do |device,options|
+      unless ec2_instance_ebs_volumes.include? device
+        unless test?("Would create and mount a #{options['type']} EBS volume on #{device} for #{fqdn}")
+          if Vominator::EC2.add_ebs_volume(ec2, ec2_instance.id, options['type'], options['size'], device, options['iops'], options['encrypted'])
+            LOGGER.success("Succesfully created and mounted #{device} to #{fqdn}")
+          else
+            LOGGER.fatal("Failed to create and mount #{device} to #{fqdn}")
+          end
+        end
+      end
+    end
+
+    unless route53_records.include?("#{fqdn}.")
+      unless test?("Would add a DNS record for #{fqdn}")
+        if Vominator::Route53.create_record(r53,puke_config['zone'],fqdn,instance_ip)
+          LOGGER.success("Succesfuly created a dns record for #{fqdn}")
+        else
+          LOGGER.fatal("Failed to create a DNS record for #{fqdn}")
+        end
+      end
+    end
+
+    ssm_documents.each do |doc_name|
+      unless Vominator::SSM.associated?(ssm,doc_name,ec2_instance.id)
+        unless test?("Would associate SSM Document #{doc_name} to #{fqdn}")
+          if Vominator::SSM.create_association(ssm,doc_name,ec2_instance.id)
+            LOGGER.success("Succesfully associated #{doc_name} to #{fqdn}")
+          else
+            LOGGER.fatal("Failed to associate #{doc_name} to #{fqdn}")
+          end
+        end
+      end
+    end
+
+  else #The instance does not exist, in which case we want to create it.
+    user_data = Vominator::Instances.generate_cloud_config(hostname, options[:environment], instance['family'], instance['roles'], instance['recipes'])
+    security_group_ids = instance_security_groups.map {|sg| vpc_security_groups[sg] }
+
+    unless test?("Would create #{fqdn}")
+      ec2_instance = Vominator::EC2.create_instance(ec2, hostname, options[:environment], ami, existing_subnets[subnet].id, instance_type, key_name, instance_ip, instance['az'], security_group_ids, user_data, ebs_optimized, instance['iam_profile'])
+      if ec2_instance
+        LOGGER.success("Succesfully created #{fqdn}")
+        ec2_instances[instance_ip] = {:instance_id => ec2_instance.id, :security_groups => ec2_instance.security_groups.map { |sg| sg.group_name}}
+        redo
+      else
+        LOGGER.fatal("Failed to create #{fqdn}")
+      end
+    end
+  end
+end