zaws 0.0.1

data/lib/zaws/ec2/compute.rb

@@ -0,0 +1,247 @@
+require 'json'
+require 'netaddr'
+require 'timeout'
+
+module ZAWS
+  module EC2Services
+	class Compute 
+
+	  def initialize(shellout,aws)
+		@shellout=shellout
+		@aws=aws
+	  end
+
+	  def view(region,viewtype,textout=nil,verbose=nil,vpcid=nil,externalid=nil)
+		comline="aws --output #{viewtype} --region #{region} ec2 describe-instances"
+		if vpcid || externalid 
+		  comline = comline + " --filter"
+		end
+		comline = comline + " 'Name=vpc-id,Values=#{vpcid}'" if vpcid 
+		comline = comline + " 'Name=tag:externalid,Values=#{externalid}'" if externalid 
+		instances=@shellout.cli(comline,verbose)
+		textout.puts(instances) if textout
+		return instances
+	  end
+
+	  def view_images(region,viewtype,owner,imageid,textout=nil,verbose=nil)
+		comline="aws --output #{viewtype} --region #{region} ec2 describe-images"
+		comline = "#{comline} --owner #{owner}" if owner 
+		comline = "#{comline} --image-ids #{imageid}" if imageid 
+		verbose.puts comline if verbose
+		images=@shellout.cli(comline,verbose)
+		textout.puts(images) if textout
+		return images
+	  end
+
+	  def exists(region,textout=nil,verbose=nil,vpcid,externalid)
+		instances=JSON.parse(view(region,'json',nil,verbose,vpcid,externalid))
+		val = (instances["Reservations"].count == 1) && (instances["Reservations"][0]["Instances"].count == 1)
+		instance_id = val ? instances["Reservations"][0]["Instances"][0]["InstanceId"] : nil
+		sgroups = val ? instances["Reservations"][0]["Instances"][0]["SecurityGroups"] : nil
+		textout.puts val.to_s if textout
+		return val, instance_id, sgroups
+	  end
+
+	  def instance_id_by_external_id(region,externalid,vpcid=nil,textout=nil,verbose=nil) 
+		val,instance_id,sgroups=exists(region,nil,verbose,vpcid,externalid)
+		return instance_id
+	  end
+
+	  def network_interface_json(region,verbose,vpcid,ip,groupname)
+		ec2_dir = File.dirname(__FILE__)
+		ip_to_subnet_id = @aws.ec2.subnet.id_by_ip(region,nil,verbose,vpcid,ip)
+		subnet_id=ip_to_subnet_id
+		security_group_id= @aws.ec2.security_group.id_by_name(region,nil,verbose,vpcid,groupname)
+		new_hash= [{ "Groups"=> [security_group_id], "PrivateIpAddress"=>"#{ip}","DeviceIndex"=>"0","SubnetId"=> ip_to_subnet_id }]
+		return new_hash.to_json
+	  end
+
+	  def block_device_mapping(region,owner,verbose,rootsize,imageid)
+		image_descriptions=JSON.parse(view_images(region,'json',owner,imageid,nil,verbose))
+		image_mappings=image_descriptions['Images'][0]["BlockDeviceMappings"]
+		image_root=image_descriptions['Images'][0]["RootDeviceName"]
+		image_mappings.each do |x|
+		  if x["DeviceName"]==image_root
+			if x["Ebs"]["VolumeSize"].to_i > rootsize.to_i
+			  raiseerror "The image root size is greater than the specified root size. image=#{x["Ebs"]["VolumeSize"]} > rootsize=#{rootsize}"
+			  exit 1
+			end
+			x["Ebs"]["VolumeSize"]=rootsize.to_i
+		  end
+		end
+		return image_mappings.to_json
+	  end
+
+	  def random_clienttoken
+		(0...8).map { (65 + rand(26)).chr }.join
+	  end
+
+	  def declare(externalid,image,owner,nodetype,root,zone,key,sgroup,privateip,optimized,apiterminate,clienttoken,region,textout,verbose,vpcid,nagios,ufile,no_sdcheck,skip_running_check,volsize,volume)
+		if ufile
+		  ZAWS::Helper::File.prepend("zaws compute delete #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete instance',ufile)
+		end
+		compute_exists,instance_id,sgroups = exists(region,nil,verbose,vpcid,externalid)
+		return ZAWS::Helper::Output.binary_nagios_check(compute_exists,"OK: Instance already exists.","CRITICAL: Instance does not exist.",textout) if nagios
+		if not compute_exists
+		  clienttoken=random_clienttoken if not clienttoken
+		  comline = "aws --region #{region} ec2 run-instances --image-id #{image} --key-name #{key} --instance-type #{nodetype}"
+		  #comline = comline + " --user-data 'file://#{options[:userdata]}'" if options[:userdata]
+		  comline = comline + " --placement AvailabilityZone=#{zone}" if zone
+		  comline = comline + " --block-device-mappings '#{block_device_mapping(region,owner,verbose,root,image)}'" if root
+		  comline = apiterminate ? comline + " --enable-api-termination" : comline + " --disable-api-termination"
+		  comline = comline + " --client-token #{clienttoken}"
+		  comline = comline + " --network-interfaces '#{network_interface_json(region,verbose,vpcid,privateip[0],sgroup)}'" if privateip # Difference between vpc and classic
+		  #comline = comline + " --security-groups '#{options[:securitygroup]}'" if not options[:privateip]
+		  #comline = comline + " --iam-instance-profile Name='#{options[:profilename]}'" if options[:profilename]
+		  comline = optimized ? comline + " --ebs-optimized" : comline + " --no-ebs-optimized"
+		  newinstance=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Instance created." if (newinstance["Instances"] and newinstance["Instances"][0]["InstanceId"])
+		  new_instanceid=newinstance["Instances"][0]["InstanceId"]
+		  tag_resource(region,new_instanceid,externalid,verbose)
+		  instance_running?(region,vpcid,externalid,60,5,verbose) if not skip_running_check
+		  add_volume(region,new_instanceid,externalid,privateip,volume,zone,volsize,verbose) if volume
+		  nosdcheck(region,new_instanceid,verbose) if no_sdcheck # Needed for NAT instances.
+		else
+		  textout.puts "Instance already exists. Creation skipped."
+		end
+
+	  end
+
+	  def delete(region,textout=nil,verbose=nil,vpcid,externalid)
+		compute_exists,instance_id,sgroups = exists(region,nil,verbose,vpcid,externalid)
+		if compute_exists
+		  comline = "aws --region #{region} ec2 terminate-instances --instance-ids #{instance_id}"
+		  delinstance=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Instance deleted." if delinstance["TerimatingInstances"]
+		else
+		  textout.puts "Instance does not exist. Skipping deletion." 
+		end
+	  end
+
+	  def exists_security_group_assoc(region,textout,verbose,vpcid,externalid,sgroup)
+		compute_exists,instance_id,sgroups = exists(region,nil,verbose,vpcid,externalid)
+		sgroup_exists,sgroupid = @aws.ec2.security_group.exists(region,nil,verbose,vpcid,sgroup) 
+		verbose.puts "compute_exists=#{compute_exists}" if verbose
+		verbose.puts "sgroup_exists=#{sgroup_exists}" if verbose
+		verbose.puts "sgroups=#{sgroups}" if verbose
+		if compute_exists and sgroup_exists
+		  assoc_exists = sgroups.any? { |z|  z["GroupId"] == "#{sgroupid}" }
+		  textout.puts assoc_exists if textout
+		  return assoc_exists, instance_id, sgroupid
+		else
+		  textout.puts false if textout
+		  return false, instance_id, sgroupid
+		end
+	  end		
+
+	  def assoc_security_group(region,textout,verbose,vpcid,externalid,sgroup)
+		assoc_exists,instance_id,sgroupid=exists_security_group_assoc(region,nil,verbose,vpcid,externalid,sgroup)
+		if not assoc_exists 
+		  comline = "aws --region #{region} ec2 modify-instance-attribute --instance-id #{instance_id} --groups #{sgroupid}"
+		  verbose.puts "comline=#{comline}" if verbose
+		  assocsgroup=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Security Group Association Changed." if assocsgroup["return"]=="true"
+		else
+		  textout.puts "Security Group Association Not Changed." 	
+		end
+	  end
+
+	  def tag_resource(region,resourceid,externalid,verbose=nil)
+		comline="aws --output json --region #{region} ec2 create-tags --resources #{resourceid} --tags Key=externalid,Value=#{externalid}"
+		tag_creation=JSON.parse(@shellout.cli(comline,verbose))
+		comline="aws --output json --region #{region} ec2 create-tags --resources #{resourceid} --tags Key=Name,Value=#{externalid}"
+		tag_creation=JSON.parse(@shellout.cli(comline,verbose))
+	  end
+
+	  def nosdcheck(region,instanceid,verbose=nil)
+		comline = "aws --output json --region #{region} ec2 modify-instance-attribute --instance-id=#{instanceid} --no-source-dest-check"
+		nosdcheck_result=JSON.parse(@shellout.cli(comline,verbose))
+	  end
+
+	  def instance_ping?(ip,statetimeout,sleeptime,verbose=nil)
+		begin
+		  Timeout.timeout(statetimeout) do
+			begin
+			  comline ="ping -q -c 2 #{ip}"
+			  @shellout.cli(comline,verbose)
+			rescue Mixlib::ShellOut::ShellCommandFailed
+			  sleep(sleeptime)
+			  retry
+			end  
+		  end
+		rescue Timeout::Error
+		  raise StandardError.new('Timeout before instance responded to ping.')
+		end
+		return true
+	  end
+
+	  def instance_running?(region,vpcid,externalid,statetimeout,sleeptime,verbose=nil)
+		begin
+		  Timeout.timeout(statetimeout) do
+			begin
+			  sleep(sleeptime)
+			  query_instance=JSON.parse(view(region,'json',nil,verbose,vpcid,externalid))
+			end while query_instance["Reservations"][0]["Instances"][0]["State"]["Code"]!=16
+		  end
+		rescue Timeout::Error
+		  raise StandardError.new('Timeout before instance state code set to running(16).')
+		end
+	  end
+
+	  def add_volume(region,instanceid,externalid,ip,volume,zone,volsize,verbose=nil)
+		comline = "aws --output json --region #{region} ec2 create-volume --availability-zone #{zone} --size #{volsize}"
+		new_volume=JSON.parse(@shellout.cli(comline,verbose))
+		new_volumeid=new_volume["VolumeId"]
+		tag_resource(region,new_volumeid,externalid,verbose)
+		if instance_ping?(ip,10,1)
+		  comline = "aws --output json ec2 attach-volume --region #{region} --volume-id #{new_volumeid} --instance-id #{instanceid} --device #{volume}"
+		  volattach=JSON.parse(@shellout.cli(comline,verbose))
+		end
+	  end
+
+	  def exists_secondary_ip(region,ip,textout,verbose,vpcid,externalid)
+		compute_exists,instance_id,sgroups = exists(region,nil,verbose,vpcid,externalid)
+		if compute_exists
+		  query_instance=JSON.parse(view(region,'json',nil,verbose,vpcid,externalid))
+		  val = query_instance["Reservations"][0]["Instances"][0]["NetworkInterfaces"][0]["PrivateIpAddresses"].any? { |x| x["PrivateIpAddress"] == "#{ip}" }
+		  netid = query_instance["Reservations"][0]["Instances"][0]["NetworkInterfaces"][0]["NetworkInterfaceId"]
+		  textout.puts val if textout
+		  return val,true,netid
+		else
+		  return false,false,nil
+		end
+	  end
+
+	  def declare_secondary_ip(region,ip,textout,verbose,vpcid,externalid,nagios,ufile)
+		if ufile
+		  ZAWS::Helper::File.prepend("zaws compute delete_secondary_ip #{externalid} #{ip} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete secondary ip',ufile)
+		end
+		compute_exists,instance_id,sgroups = exists(region,nil,verbose,vpcid,externalid)
+		secondary_ip_exists,compute_exists,network_interface = exists_secondary_ip(region,ip,nil,verbose,vpcid,externalid)
+		return ZAWS::Helper::Output.binary_nagios_check(secondary_ip_exists,"OK: Secondary ip exists.","CRITICAL: Secondary ip does not exist.",textout) if nagios
+		if not secondary_ip_exists and compute_exists
+		  comline = "aws --output json --region #{region} ec2 assign-private-ip-addresses --network-interface-id '#{network_interface}' --private-ip-addresses '#{ip}'"
+		  $stdout.puts comline
+		  assignreturn = JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Secondary ip assigned." if assignreturn["return"] == "true"
+		else
+		  textout.puts "Secondary ip already exists. Skipping assignment." 
+		end
+	  end
+
+	  def delete_secondary_ip(region,ip,textout,verbose,vpcid,externalid)
+		secondary_ip_exists,compute_exists,network_interface = exists_secondary_ip(region,ip,nil,verbose,vpcid,externalid)
+		if secondary_ip_exists and compute_exists
+		  comline = "aws --output json --region #{region} ec2 unassign-private-ip-addresses --network-interface-id '#{network_interface}' --private-ip-addresses '#{ip}'"
+		  assignreturn = JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Secondary ip deleted." if assignreturn["return"] == "true"
+		else
+		  textout.puts "Secondary IP does not exists, skipping deletion." 
+		end
+	  end
+
+
+	end
+  end
+end
+

data/lib/zaws/ec2/elasticip.rb

@@ -0,0 +1,85 @@
+require 'json'
+require 'netaddr'
+require 'timeout'
+
+module ZAWS
+  module EC2Services
+	class Elasticip 
+
+	  def initialize(shellout,aws)
+		@shellout=shellout
+		@aws=aws
+	  end
+
+	  def view(region,view,textout=nil,verbose=nil,vpcid=nil,instanceid=nil)
+		comline="aws --output #{view} --region #{region} ec2 describe-addresses"
+		if vpcid 
+		  comline = comline + " --filter"
+		end
+		comline = comline + " 'Name=domain,Values=vpc'" if vpcid 
+		comline = comline + " 'Name=instance-id,Values=#{instanceid}'" if instanceid 
+		rtables=@shellout.cli(comline,verbose)
+		textout.puts(rtables) if textout
+		return rtables
+	  end
+
+	  def assoc_exists(region,externalid,textout=nil,verbose=nil,vpcid=nil)
+		val,instance_id,sgroups=@aws.ec2.compute.exists(region,nil,verbose,vpcid,externalid)
+		if val
+		  addresses=JSON.parse(view(region,'json',nil,verbose,vpcid,instance_id))
+		  verbose.puts addresses if verbose
+		  addressassoc=(addresses["Addresses"] and (addresses["Addresses"].count == 1))
+		  associationid= (addressassoc and addresses["Addresses"][0]["AssociationId"]) ? addresses["Addresses"][0]["AssociationId"]:nil
+		  allocationid= (addressassoc and addresses["Addresses"][0]["AllocationId"]) ? addresses["Addresses"][0]["AllocationId"]:nil
+		  ip= (addressassoc and addresses["Addresses"][0]["PublicIp"]) ? addresses["Addresses"][0]["PublicIp"]:nil
+		  verbose.puts "addressassoc=#{addressassoc}" if verbose
+		  verbose.puts "associationid=#{associationid}" if verbose
+		  verbose.puts "allocationid=#{allocationid}" if verbose
+		  textout.puts addressassoc if textout
+		  return addressassoc,instance_id,associationid,allocationid,ip
+		else
+		  textout.puts addressassoc if textout
+		  return false,nil,nil,nil,nil
+		end
+	  end
+
+	  def declare(region,externalid,textout=nil,verbose=nil,vpcid=nil,nagios=nil,ufile=nil)
+        if ufile
+          ZAWS::Helper::File.prepend("zaws elasticip release #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Release elastic ip.',ufile)
+		end
+        elasticip_exists,instance_id,association_id,allocation_id,ip=assoc_exists(region,externalid,nil,verbose,vpcid)
+		return ZAWS::Helper::Output.binary_nagios_check(elasticip_exists,"OK: Elastic Ip exists.","CRITICAL: Elastic Ip DOES NOT EXIST.",textout) if nagios
+		if not elasticip_exists and instance_id 
+		  comline="aws --region #{region} ec2 allocate-address --domain vpc"
+		  allocation=JSON.parse(@shellout.cli(comline,verbose))
+		  if allocation["AllocationId"]
+			comline="aws --region #{region} ec2 associate-address --instance-id #{instance_id} --public-ip #{allocation["PublicIp"]} --allocation-id #{allocation["AllocationId"]}"
+			association=JSON.parse(@shellout.cli(comline,verbose))
+			textout.puts "New elastic ip associated to instance." if association["return"] == "true"
+		  end
+		else
+		  textout.puts "instance already has an elastic ip. Skipping creation."
+		end
+	  end
+
+	  def release(region,externalid,textout=nil,verbose=nil,vpcid=nil)
+		elasticip_exists,instance_id,association_id,allocation_id,ip=assoc_exists(region,externalid,nil,verbose,vpcid)
+		if elasticip_exists and association_id and allocation_id
+		  verbose = $stdout
+		  comline="aws --region #{region} ec2 disassociate-address --public-ip #{ip} --association-id #{association_id}"
+		  verbose.puts comline if verbose
+		  disassociation=JSON.parse(@shellout.cli(comline,verbose))
+		  if disassociation["return"]=="true"
+			comline="aws --region #{region} ec2 release-address --public-ip #{ip} --allocation-id #{allocation_id}"
+			release=JSON.parse(@shellout.cli(comline,verbose))
+			textout.puts "Deleted elasticip." if release["return"] == "true"
+		  end
+		else
+		  textout.puts "Elasticip does not exist. Skipping deletion."
+		end
+	  end
+
+	end
+  end
+end
+

data/lib/zaws/ec2/route_table.rb

@@ -0,0 +1,202 @@
+require 'json'
+require 'netaddr'
+require 'timeout'
+
+module ZAWS
+  module EC2Services
+	class RouteTable 
+
+	  def initialize(shellout,aws)
+		@shellout=shellout
+		@aws=aws
+	  end
+
+	  def view(region,view,textout=nil,verbose=nil,vpcid=nil,externalid=nil)
+		comline="aws --output #{view} --region #{region} ec2 describe-route-tables"
+		if vpcid || externalid 
+		  comline = comline + " --filter"
+		end
+		comline = comline + " 'Name=vpc-id,Values=#{vpcid}'" if vpcid 
+		comline = comline + " 'Name=tag:externalid,Values=#{externalid}'" if externalid 
+		rtables=@shellout.cli(comline,verbose)
+		textout.puts(rtables) if textout
+		return rtables
+	  end
+
+	  def exists(region,textout=nil,verbose=nil,vpcid,externalid)
+		rtable=JSON.parse(view(region,'json',nil,verbose,vpcid,externalid))
+		val = (rtable["RouteTables"].count == 1)
+        rtable_id = val ? rtable["RouteTables"][0]["RouteTableId"] : nil
+		textout.puts val.to_s if textout
+		return val, rtable_id
+	  end
+
+	  def declare(region,vpcid,externalid,nagios,textout=nil,verbose=nil,ufile=nil)
+		if ufile
+		  ZAWS::Helper::File.prepend("zaws route_table delete #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route table',ufile)
+		end
+		rtable_exists, rtable_id = exists(region,nil,verbose,vpcid,externalid) 
+		return ZAWS::Helper::Output.binary_nagios_check(rtable_exists,"OK: Route table exists.","CRITICAL: Route table does not exist.",textout) if nagios
+		if not rtable_exists
+		  comline="aws --region #{region} ec2 create-route-table --vpc-id #{vpcid}"
+		  rtable=JSON.parse(@shellout.cli(comline,verbose))
+		  rtableid=rtable["RouteTable"]["RouteTableId"]
+		  tagline="aws --region #{region} ec2 create-tags --resources #{rtableid} --tags Key=externalid,Value=#{externalid}"
+		  tagresult=JSON.parse(@shellout.cli(tagline,verbose))
+		  textout.puts "Route table created with external id: my_route_table." if tagresult["return"] == "true"
+		else
+		  textout.puts "Route table exists already. Skipping Creation."
+		end
+	  end
+
+	  def delete(region,textout=nil,verbose=nil,vpcid,externalid)
+		rtable_exists, rtable_id = exists(region,nil,verbose,vpcid,externalid) 
+        if rtable_exists
+          comline="aws --region #{region} ec2 delete-route-table --route-table-id #{rtable_id}"
+          deletion=JSON.parse(@shellout.cli(comline,verbose))
+          textout.puts "Route table deleted." if deletion["return"] == "true"
+		else
+		  textout.puts "Route table does not exist. Skipping deletion."
+		end
+	  end
+
+	  def route_exists_by_instance(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock,externalid)
+		# Returns the answer, instance_id, route_table_id
+        instance_id=@aws.ec2.compute.instance_id_by_external_id(region,externalid,vpcid,nil,verbose)
+		return false, nil, nil if not instance_id
+		rtable=JSON.parse(view(region,'json',nil,verbose,vpcid,routetable))
+		val = (rtable["RouteTables"].count == 1) && rtable["RouteTables"][0]["Routes"].any? { |x| x["DestinationCidrBlock"]=="#{cidrblock}" && x["InstanceId"]=="#{instance_id}" }
+		rtable_id = (rtable["RouteTables"].count == 1) ? rtable["RouteTables"][0]["RouteTableId"] : nil
+		textout.puts val.to_s if textout
+		return val, instance_id, rtable_id 
+	  end
+
+	  def declare_route(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock,externalid,nagios,ufile)
+        if ufile 
+		  ZAWS::Helper::File.prepend("zaws route_table delete_route #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route',ufile)
+		end
+        # TODO: Route exists already of a different type?
+		route_exists, instance_id, rtable_id = route_exists_by_instance(region,nil,verbose,vpcid,routetable,cidrblock,externalid) 
+		return ZAWS::Helper::Output.binary_nagios_check(route_exists,"OK: Route to instance exists.","CRITICAL: Route to instance does not exist.",textout) if nagios
+		if not route_exists
+		  comline="aws --region #{region} ec2 create-route --route-table-id #{rtable_id} --destination-cidr-block #{cidrblock} --instance-id #{instance_id}"
+		  routereturn=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Route created to instance." if routereturn["return"] == "true"
+		else
+		  textout.puts "Route not created to instance. Skip creation."
+		end
+	  end
+
+	  def delete_route(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock)
+        rtable=JSON.parse(view(region,'json',nil,verbose,vpcid,routetable))
+		val = (rtable["RouteTables"].count == 1) && rtable["RouteTables"][0]["Routes"].any? { |x| x["DestinationCidrBlock"]=="#{cidrblock}" }
+        rtable_id = (rtable["RouteTables"].count == 1) ? rtable["RouteTables"][0]["RouteTableId"] : nil
+        if val
+          comline="aws --region #{region} ec2 delete-route --route-table-id #{rtable_id} --destination-cidr-block #{cidrblock}"
+          deletion=JSON.parse(@shellout.cli(comline,verbose))
+          textout.puts "Route deleted." if deletion["return"] == "true"
+		else
+		  textout.puts "Route does not exist. Skipping deletion."
+		end
+	  end
+
+	  def route_exists_by_gatewayid(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock,gatewayid)
+		# Returns the answer, route_table_id
+		rtable=JSON.parse(view(region,'json',nil,verbose,vpcid,routetable))
+		val = (rtable["RouteTables"].count == 1) && rtable["RouteTables"][0]["Routes"].any? { |x| x["DestinationCidrBlock"]=="#{cidrblock}" && x["GatewayId"]=="#{gatewayid}" }
+		rtable_id = (rtable["RouteTables"].count == 1) ? rtable["RouteTables"][0]["RouteTableId"] : nil
+		textout.puts val.to_s if textout
+		return val, rtable_id 
+	  end
+
+
+	  def declare_route_to_gateway(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock,gatewayid,nagios,ufile)
+        if ufile 
+		  ZAWS::Helper::File.prepend("zaws route_table delete_route #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route',ufile)
+		end
+        # TODO: Route exists already of a different type?
+		route_exists, rtable_id = route_exists_by_gatewayid(region,nil,verbose,vpcid,routetable,cidrblock,gatewayid) 
+		return ZAWS::Helper::Output.binary_nagios_check(route_exists,"OK: Route to gateway exists.","CRITICAL: Route to gateway does not exist.",textout) if nagios
+		if not route_exists
+		  comline="aws --region #{region} ec2 create-route --route-table-id #{rtable_id} --destination-cidr-block #{cidrblock} --gateway-id #{gatewayid}"
+		  routereturn=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Route created to gateway." if routereturn["return"] == "true"
+		else
+		  textout.puts "Route to gateway exists. Skipping creation."
+		end
+	  end
+
+      def subnet_assoc_exists(region,textout=nil,verbose=nil,vpcid,rtable_externalid,cidrblock)
+		rtable=JSON.parse(view(region,'json',nil,verbose,vpcid,rtable_externalid))
+        subnetid=@aws.ec2.subnet.id_by_cidrblock(region,nil,verbose,vpcid,cidrblock)
+		val = ((not subnetid.nil?) and (rtable["RouteTables"].count == 1) and (rtable["RouteTables"][0]["Associations"].any? { |x| x["SubnetId"]=="#{subnetid}"}))
+		rtassocid= (val and rtable["RouteTables"].count == 1) ? (rtable["RouteTables"][0]["Associations"].select { |x| x["SubnetId"]=="#{subnetid}"})[0]["RouteTableAssociationId"] : nil
+		rtableid = (rtable["RouteTables"].count == 1) ? rtable["RouteTables"][0]["RouteTableId"] : nil
+		textout.puts val.to_s if textout
+		return val, subnetid, rtableid, rtassocid
+	  end
+
+	  def assoc_subnet(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock,nagios,ufile)
+        if ufile 
+		  ZAWS::Helper::File.prepend("zaws route_table delete_assoc_subnet #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route table association to subnet',ufile)
+		end
+		assoc_exists, subnetid, rtableid, rtassocid = subnet_assoc_exists(region,nil,verbose,vpcid,routetable,cidrblock) 
+		return ZAWS::Helper::Output.binary_nagios_check(assoc_exists,"OK: Route table association to subnet exists.","CRITICAL: Route table association to subnet does not exist.",textout) if nagios
+		if not assoc_exists
+		  comline="aws --region #{region} ec2 associate-route-table --subnet-id #{subnetid} --route-table-id #{rtableid}"
+		  assocreturn=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Route table associated to subnet." if assocreturn["AssociationId"] 
+		else
+		  textout.puts "Route table already associated to subnet. Skipping association."
+		end
+	  end
+
+	  def delete_assoc_subnet(region,textout=nil,verbose=nil,vpcid,rtable_externalid,cidrblock)
+		assoc_exists, subnetid, rtableid, rtassocid = subnet_assoc_exists(region,nil,verbose,vpcid,rtable_externalid,cidrblock) 
+        if assoc_exists
+		  comline="aws --region #{region} ec2 disassociate-route-table --association-id #{rtassocid}"
+		  assocreturn=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Route table association to subnet deleted." if assocreturn["return"]  == "true"
+		else
+		  textout.puts "Route table association to subnet not deleted because it does not exist."
+		end
+	  end
+
+      def propagation_exists_from_gateway(region,textout=nil,verbose=nil,vpcid,rtable_externalid,vgatewayid)
+        rtable=JSON.parse(view(region,'json',nil,verbose,vpcid,rtable_externalid))
+		val = ((rtable["RouteTables"].count == 1) and (rtable["RouteTables"][0]["PropagatingVgws"].any? { |x| x["GatewayId"]=="#{vgatewayid}"}))
+        rtableid = (rtable["RouteTables"].count == 1) ? rtable["RouteTables"][0]["RouteTableId"] : nil
+		textout.puts val.to_s if textout
+		return val, rtableid
+	  end
+
+	  def declare_propagation_from_gateway(region,textout=nil,verbose=nil,vpcid,routetable,vgatewayid,nagios,ufile)
+        if ufile 
+		  ZAWS::Helper::File.prepend("zaws route_table delete_propagation_from_gateway my_route_table vgw-???????? --region us-west-1 --vpcid my_vpc_id $XTRA_OPTS",'#Delete route propagation',ufile)
+		end
+		propagation_exists,rtableid = propagation_exists_from_gateway(region,nil,verbose,vpcid,routetable,vgatewayid) 
+		return ZAWS::Helper::Output.binary_nagios_check(propagation_exists,"OK: Route propagation from gateway enabled.","CRITICAL: Route propagation from gateway not enabled.",textout) if nagios
+		if not propagation_exists
+		  comline="aws --region #{region} ec2 enable-vgw-route-propagation --route-table-id #{rtableid} --gateway-id #{vgatewayid}"
+		  propreturn=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Route propagation from gateway enabled." if propreturn["return"] == "true"
+		else
+		  textout.puts "Route propagation from gateway already enabled. Skipping propagation."
+		end
+	  end
+
+      def delete_propagation_from_gateway(region,textout=nil,verbose=nil,vpcid,rtable_externalid,vgatewayid)
+        propagation_exists,rtableid = propagation_exists_from_gateway(region,nil,verbose,vpcid,rtable_externalid,vgatewayid) 
+        if propagation_exists
+		  comline="aws --region #{region} ec2 disable-vgw-route-propagation --route-table-id #{rtableid} --gateway-id #{vgatewayid}"
+		  assocreturn=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Deleted route propagation from gateway." if assocreturn["return"]  == "true"
+		else
+		  textout.puts "Route propagation from gateway does not exist, skipping deletion."
+		end
+	  end
+
+	end
+  end
+end
+

data/lib/zaws/ec2/security_group.rb

@@ -0,0 +1,116 @@
+require 'json'
+require 'netaddr'
+require 'timeout'
+
+module ZAWS
+  module EC2Services
+	class SecurityGroup 
+
+	  def initialize(shellout,aws)
+		@shellout=shellout
+		@aws=aws
+	  end
+
+	  def view(region,view,textout=nil,verbose=nil,vpcid=nil,groupname=nil,groupid=nil,perm_groupid=nil,perm_protocol=nil,perm_toport=nil)
+		comline="aws --output #{view} --region #{region} ec2 describe-security-groups"
+		if vpcid || groupname
+		  comline = comline + " --filter"
+		end
+		comline = comline + " 'Name=vpc-id,Values=#{vpcid}'" if vpcid 
+		comline = comline + " 'Name=group-name,Values=#{groupname}'" if groupname
+        comline = comline + " 'Name=group-id,Values=#{groupid}'" if groupid
+        comline = comline + " 'Name=ip-permission.group-id,Values=#{perm_groupid}'" if perm_groupid
+	    comline = comline + " 'Name=ip-permission.protocol,Values=#{perm_protocol}'" if perm_protocol
+        comline = comline + " 'Name=ip-permission.to-port,Values=#{perm_toport}'" if perm_toport
+		sgroups=@shellout.cli(comline,verbose)
+		textout.puts(sgroups) if textout
+		return sgroups
+	  end
+
+	  def exists(region,textout=nil,verbose=nil,vpcid,groupname)
+		sgroups=JSON.parse(view(region,'json',nil,verbose,vpcid,groupname))
+		val = (sgroups["SecurityGroups"].count == 1)
+		sgroupid = val ? sgroups["SecurityGroups"][0]["GroupId"] : nil
+		textout.puts val.to_s if textout
+		return val, sgroupid 
+	  end
+
+	  def declare(region,vpcid,groupname,description,nagios,textout=nil,verbose=nil,ufile=nil)
+		if ufile
+          ZAWS::Helper::File.prepend("zaws security_group delete #{groupname} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete security group',ufile)
+		end
+		sgroup_exists,sgroupid = exists(region,nil,verbose,vpcid,groupname) 
+		return ZAWS::Helper::Output.binary_nagios_check(sgroup_exists,"OK: Security Group Exists.","CRITICAL: Security Group Does Not Exist.",textout) if nagios
+		if not sgroup_exists
+		  comline="aws --output json --region #{region} ec2 create-security-group --vpc-id #{vpcid} --group-name #{groupname} --description '#{description}'"
+		  sgroup=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Security Group Created." if sgroup["return"] == "true"
+		else
+		  textout.puts "Security Group Exists Already. Skipping Creation."
+		end
+	  end
+
+      def id_by_name(region,textout=nil,verbose=nil,vpcid,groupname)
+		sgroups=JSON.parse(view(region,'json',nil,verbose,vpcid,groupname))
+		group_id= sgroups["SecurityGroups"].count == 1 ? sgroups["SecurityGroups"][0]["GroupId"] : nil
+		raise "More than one security group found when looking up id by name." if sgroups["SecurityGroups"].count > 1 
+		textout.puts group_id if textout
+		return group_id
+	  end
+
+    
+	  def delete(region,textout=nil,verbose=nil,vpcid,groupname)
+		groupid=id_by_name(region,nil,nil,vpcid,groupname)
+		if groupid 
+		  comline="aws --region #{region} ec2 delete-security-group --group-ids #{groupid}"
+		  sgroup=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Security Group deleted." if sgroup["return"] == "true"
+		else
+		  textout.puts "Security Group does not exist. Skipping deletion."
+		end
+	  end
+
+      def ingress_group_exists(region,vpcid,target,source,protocol,port,textout=nil,verbose=nil) 
+        targetid=id_by_name(region,nil,nil,vpcid,target)
+        sourceid=id_by_name(region,nil,nil,vpcid,source)
+        if targetid && sourceid
+          sgroups=JSON.parse(view(region,'json',nil,verbose,vpcid,nil,targetid,sourceid,protocol,port))
+		  val = (sgroups["SecurityGroups"].count > 0)
+          textout.puts val.to_s if textout
+		  return val, targetid, sourceid 
+		end
+	  end
+
+	  def declare_ingress_group(region,vpcid,target,source,protocol,port,nagios,textout=nil,verbose=nil,ufile=nil) 
+		if ufile
+		  ZAWS::Helper::File.prepend("zaws security_group delete_ingress_group #{target} #{source} #{protocol} #{port} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete security group ingress group rule',ufile)
+		end
+
+		ingress_exists,targetid,sourceid = ingress_group_exists(region,vpcid,target,source,protocol,port,nil,verbose)
+
+		return ZAWS::Helper::Output.binary_nagios_check(ingress_exists,"OK: Security group ingress group rule exists.","CRITICAL: Security group ingress group rule does not exist.",textout) if nagios
+
+		if not ingress_exists 
+          comline="aws --region #{region} ec2 authorize-security-group-ingress --group-id #{targetid} --source-security-group-owner-id #{sourceid} --protocol #{protocol} --port #{port}"
+		  ingressrule=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Ingress group rule created." if ingressrule["return"] == "true"
+		else
+          textout.puts "Ingress group rule not created. Exists already."
+		end
+	  end
+
+	  def delete_ingress_group(region,vpcid,target,source,protocol,port,textout=nil,verbose=nil) 
+		ingress_exists,targetid,sourceid = ingress_group_exists(region,vpcid,target,source,protocol,port,nil,verbose)
+		if ingress_exists 
+          comline="aws --region #{region} ec2 revoke-security-group-ingress --group-id #{targetid} --source-security-group-owner-id #{sourceid} --protocol #{protocol} --port #{port}"
+		  val=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Security group ingress group rule deleted." if val["return"] == "true"
+		else
+          textout.puts "Security group ingress group rule does not exist. Skipping deletion."
+		end
+	  end
+
+	 end
+  end
+end
+