zaws 0.0.5 → 0.1.1

data/lib/zaws/services/ai.rb

@@ -0,0 +1,35 @@
+module ZAWS
+  module Controllers
+    class AI
+
+      def initialize(shellout, nessusapi,sumoapi,newrelicapi,awscli)
+        @shellout=shellout
+        @_nessusapi= nessusapi ? nessusapi : ZAWS::Nessusapi.new(@shellout)
+        @_sumoapi= sumoapi ? sumoapi : ZAWS::Sumoapi.new(@shellout)
+        @_newrelicapi= newrelicapi ? newrelicapi : ZAWS::Newrelicapi.new(@shellout)
+        @_awscli= awscli ? awscli : ZAWS::AWSCLI.new(@shellout)
+      end
+
+      def nessusapi
+        return @_nessusapi
+      end
+
+      def sumoapi
+        return @_sumoapi
+      end
+
+      def newrelicapi
+        return @_newrelicapi
+      end
+
+      def awscli
+        return @_awscli
+      end
+      
+      def query
+        @_query ||= (ZAWS::Services::AI::Query.new(@shellout, self))
+      end
+
+    end
+  end
+end

data/lib/zaws/services/ai/query.rb

@@ -0,0 +1,135 @@
+require 'yaml'
+
+module ZAWS
+  module Services
+    module AI
+      class Query
+
+        def initialize(shellout, ai)
+          @shellout=shellout
+          @ai=ai
+        end
+
+        def kilo(n)
+          count = 0
+          while n >= 1024 and count < 4
+            n /= 1024.0
+            count += 1
+          end
+          format("%.2f", n) + %w(B KB MB GB TB)[count]
+        end
+
+        def all(home, verbose=false, value)
+          out=ZAWS::Helper::Verbose.output(verbose)
+          results = {}
+          value_array=[]
+          value_array.concat(value)
+          query_aws(value_array, out, results)
+          query_nessus(home, results, value_array, out)
+          query_sumo(home, results, value_array, out)
+          query_newrelic(home, results, value_array, out)
+          results=ZAWS::Helper::ProcessHash.keep(results,value_array)
+          results.to_yaml
+        end
+
+        def query_nessus(home, results, value_array, verbose)
+          @ai.nessusapi.home=home
+          nessusapi_details = @ai.nessusapi.data_agents.view(1, verbose)
+          results['nessus']= []
+          nessusapi_details['agents'].each do |x|
+            value_array.each do |value|
+              if x['ip'].include?(value) || x['name'].include?(value)
+                if x['last_scanned']
+                  x['last_scanned']= x['last_scanned'] + "   <--- #{DateTime.strptime(x['last_scanned'], '%s')}"
+                end
+                results['nessus'] << x
+                break
+              end
+            end
+          end
+        end
+
+        def query_sumo(home, results, value_array, verbose)
+          @ai.sumoapi.home=home
+          sumoapi_details = @ai.sumoapi.data_collectors.view(verbose)
+          results['sumo']= []
+          sumoapi_details['collectors'].each do |x|
+            value_array.each do |value|
+              if x['name'].include?(value)
+                sumoapi_sources=@ai.sumoapi.data_sources.view(verbose, x['id'])
+                x['sources']=sumoapi_sources
+                results['sumo'] << x
+                break
+              end
+            end
+          end
+        end
+
+        def query_aws(value, verbose, results)
+          profile_creds=ZAWS::AWSCLI::Credentials.new("#{@ai.awscli.home}/.aws/credentials")
+          item = []
+          profile_creds.profiles.each do |profile|
+            @ai.awscli.main_regions.each do |region|
+              filters= {}
+              @ai.awscli.command_ec2.describeInstances.execute(region, 'json', filters, nil, verbose, profile)
+              res = @ai.awscli.data_ec2.instance.view('hash')
+              res['profile']=profile
+              item << res
+            end
+          end
+          results['awscli']= []
+          item.each do |reservations|
+            reservations['Reservations'].each do |reservation|
+              reservation['Instances'].each do |instance|
+                found=false
+                found=true if instance['InstanceId'] and instance['InstanceId'].include?(value[0])
+                found=true if instance['PrivateIpAddress'] and instance['PrivateIpAddress'].include?(value[0])
+                if instance['Tags']
+                  instance['Tags'].each do |tag|
+                    if tag['Value'] and tag['Value'].include?(value[0])
+                      found=true
+                    end
+                  end
+                end
+                if found
+                  instance['profile']=reservations['profile']
+                  results['awscli'] << instance
+                  value << instance['InstanceId']
+                  if instance['PrivateIpAddress']
+                    value << instance['PrivateIpAddress'] unless instance['PrivateIpAddress'].include?(value[0])
+                    value << instance['PrivateIpAddress'].gsub('.', '-') unless instance['PrivateIpAddress'].gsub('.', '-').include?(value[0])
+                  end
+                  if instance['Tags']
+                    instance['Tags'].each do |tag|
+                      if tag['Key'].equal?('Name')
+                        value << tag['Value'] unless tag['Value'].include?(value[0])
+                      end
+                    end
+                  end
+                end
+              end
+            end
+          end
+        end
+
+        def query_newrelic(home, results, value_array, verbose)
+          @ai.newrelicapi.home=home
+          newrelicapi_details = @ai.newrelicapi.data_servers.view(verbose)
+          results['newrelic'] =[]
+          newrelicapi_details['servers'].each do |x|
+            value_array.each do |value|
+              if x['name'].include?(value)
+                if x['summary'] and x['summary']['memory_used']
+                  x['summary']['memory_used']="#{x['summary']['memory_used']}"+"  <--- #{kilo(x['summary']['memory_used'])}"
+                end
+                results['newrelic'] << x
+                break
+              end
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/zaws/services/aws.rb

@@ -0,0 +1,41 @@
+module ZAWS
+  class AWS
+
+    def initialize(shellout, awscli,undofile=nil)
+      @shellout=shellout
+      @_awscli= awscli ? awscli : ZAWS::AWSCLI.new(@shellout)
+      @undofile=undofile
+    end
+
+    def awscli
+      return @_awscli
+    end
+
+    def ec2
+      @_ec2 ||= (ZAWS::EC2.new(@shellout, self,@undofile))
+    end
+
+    def elb
+      @_elb ||= (ZAWS::ELB.new(@shellout, self,@undofile))
+    end
+
+    def route53
+      @_route53 ||= (ZAWS::Route53.new(@shellout, self))
+    end
+
+    def s3
+      @_s3 ||= (ZAWS::S3.new(@shellout, self))
+    end
+
+    def cloud_trail
+      @_cloud_trail ||= (ZAWS::CloudTrail.new(@shellout, self))
+    end
+
+    def iam
+      @_iam ||= (ZAWS::IAM.new(@shellout, self))
+    end
+
+
+  end
+end
+

data/lib/zaws/services/cloud_trail.rb

@@ -0,0 +1,76 @@
+require 'json'
+require 'digest/sha1'
+require 'fileutils'
+require 'zlib'
+
+module ZAWS
+  class CloudTrail
+    DEFAULT_DAYS_TO_FETCH=7
+    ZAWS_S3_CACHE="#{Dir.home}/.zaws/s3-cache"
+
+    def initialize(shellout,aws)
+      @shellout=shellout
+      @aws=aws
+    end
+
+    def get_cloud_trail_by_bucket(region,bucket_name,as_raw=false,verbose=nil)
+      bucket_name = "s3://#{bucket_name}" if !bucket_name.match('s3://.*')
+      bucket_hash = Digest::SHA1.hexdigest("#{region}#{bucket_name}")
+
+      dir_name = "#{ZAWS_S3_CACHE}/#{bucket_hash}"
+      FileUtils.mkdir_p(dir_name)
+
+      dir_name = @aws.s3.bucket.sync(region,bucket_name,dir_name,verbose)
+
+      results = []
+      Dir.open(dir_name) { |dir|
+        Dir.glob(File.join(dir, '**', '*')) { |filename|
+          Zlib::GzipReader.open(filename) { |file|
+            log_file = JSON.parse file.read
+            results.push log_file['Records']
+          } if File.file? filename
+        }
+      }
+        json = {:Records => results.flatten(1)}.to_json
+
+      if as_raw
+        puts json
+      else
+        puts ZAWS::Helper::Output.cloudtrail(json)
+      end
+
+      json
+    end
+
+    def get_cloud_trail_by_name(region,trail_name,as_raw=false, verbose=nil)
+      available_cloud_trails = get_cloud_trails(region)
+      bucket_name = available_cloud_trails.find { |available_cloud_trail|
+        available_cloud_trail['Name'] === trail_name
+      }['S3BucketName']
+
+      get_cloud_trail_by_bucket(region, bucket_name, as_raw, verbose)
+    end
+
+    def get_cloud_trails(region, verbose=nil)
+      com_line   = "aws cloudtrail describe-trails --region #{region}"
+      cloud_trails = JSON.parse @shellout.cli(com_line, verbose)
+      cloud_trails['trailList']
+    end
+
+    def exists(name,region)
+      get_cloud_trails(region).any? {|trail| trail['Name'] === name}
+    end
+
+    def declare(name,region,bucket_name,verbose=nil)
+      if exists(name,region)
+        puts "CloudTrail already exists. Creation skipped.\n"
+      else
+        bucket_exists=@aws.s3.bucket().exists(bucket_name,region)
+        cmdline = "aws --region #{region} cloudtrail create-subscription " <<
+            "--name #{name} --s3-#{bucket_exists ? 'use' : 'new'}-bucket #{bucket_name}"
+        puts @shellout.cli(cmdline,verbose)
+      end
+    end
+
+  end
+end

data/lib/zaws/services/config.rb

@@ -0,0 +1,31 @@
+module ZAWS
+  module Controllers
+    class Config
+
+      def initialize(shellout, nessusapi,sumoapi,newrelicapi,awscli)
+        @shellout=shellout
+        @_nessusapi= nessusapi ? nessusapi : ZAWS::Nessusapi.new(@shellout)
+        @_sumoapi= sumoapi ? sumoapi : ZAWS::Sumoapi.new(@shellout)
+        @_newrelicapi= newrelicapi ? newrelicapi : ZAWS::Newrelicapi.new(@shellout)
+        @_awscli= awscli ? awscli : ZAWS::AWSCLI.new(@shellout)
+      end
+
+      def nessusapi
+        return @_nessusapi
+      end
+
+      def sumoapi
+        return @_sumoapi
+      end
+
+      def newrelicapi
+        return @_newrelicapi
+      end
+
+      def awscli
+        return @_awscli
+      end
+
+    end
+  end
+end

data/lib/zaws/services/ec2.rb

@@ -0,0 +1,47 @@
+require 'json'
+require 'netaddr'
+require 'timeout'
+
+module ZAWS
+  class EC2
+
+	def initialize(shellout,aws,undofile=nil)
+	  @shellout=shellout
+	  @aws=aws
+		@undofile=undofile
+	end
+
+	def vpc
+	  @_vpc ||= (ZAWS::Services::EC2::VPC.new(@shellout,@aws,@undofile))
+
+	  return @_vpc
+	end
+
+	def subnet 
+	  @_subnet ||= (ZAWS::Services::EC2::Subnet.new(@shellout,@aws,@undofile))
+	  return @_subnet
+	end
+	
+	def security_group
+	  @_security_group ||= (ZAWS::Services::EC2::SecurityGroup.new(@shellout,@aws,@undofile))
+	  return @_security_group
+	end
+
+	def route_table 
+	  @_route_table ||= (ZAWS::Services::EC2::RouteTable.new(@shellout,@aws,@undofile))
+	  return @_route_table
+	end
+	
+	def compute 
+	  @_compute ||= (ZAWS::Services::EC2::Compute.new(@shellout,@aws,@undofile))
+	  return @_compute
+	end
+		
+	def elasticip 
+	  @_elasticip ||= (ZAWS::Services::EC2::Elasticip.new(@shellout,@aws,@undofile))
+	  return @_elasticip
+	end
+	
+  end
+end
+

data/lib/zaws/services/ec2/compute.rb

@@ -0,0 +1,352 @@
+require 'json'
+require 'netaddr'
+require 'timeout'
+
+module ZAWS
+  module Services
+    module EC2
+      class Compute
+
+        def initialize(shellout, aws,undofile)
+          @shellout=shellout
+          @aws=aws
+          @undofile=undofile
+          @undofile ||= ZAWS::Helper::ZFile.new
+        end
+
+        def view(region, viewtype, textout=nil, verbose=nil, vpcid=nil, externalid=nil,profile=nil,home=nil)
+          # comline="aws --output #{viewtype} --region #{region} ec2 describe-instances"
+          # if vpcid || externalid
+          #   comline = comline + " --filter"
+          # end
+          # comline = comline + " \"Name=vpc-id,Values=#{vpcid}\"" if vpcid
+          # comline = comline + " \"Name=tag:externalid,Values=#{externalid}\"" if externalid
+          # instances=@shellout.cli(comline, verbose)
+          # textout.puts(instances) if textout
+          # return instances
+          filters= {}
+          filters['vpc-id']=vpcid if vpcid
+          filters['tag:externalid']=externalid if externalid
+          view=viewtype=='yaml'? 'json':viewtype
+          @aws.awscli.home=home
+          @aws.awscli.command_ec2.describeInstances.execute(region,view ,filters, textout, verbose,profile)
+          instances = @aws.awscli.data_ec2.instance.view(viewtype)
+          textout.puts(instances) if textout
+          return instances
+        end
+
+        def view_images(region, viewtype, owner, imageid, textout=nil, verbose=nil)
+          comline="aws --output #{viewtype} --region #{region} ec2 describe-images"
+          comline = "#{comline} --owner #{owner}" if owner
+          comline = "#{comline} --image-ids #{imageid}" if imageid
+          images=@shellout.cli(comline, verbose)
+          textout.puts(images) if textout
+          return images
+        end
+
+        def exists(region, textout=nil, verbose=nil, vpcid, externalid)
+          instances=JSON.parse(view(region, 'json', nil, verbose, vpcid, externalid))
+          val = (instances["Reservations"].count == 1) && (instances["Reservations"][0]["Instances"].count == 1)
+          instance_id = val ? instances["Reservations"][0]["Instances"][0]["InstanceId"] : nil
+          sgroups = val ? instances["Reservations"][0]["Instances"][0]["SecurityGroups"] : nil
+          textout.puts val.to_s if textout
+          return val, instance_id, sgroups
+        end
+
+        def instance_id_by_external_id(region, externalid, vpcid=nil, textout=nil, verbose=nil)
+          val, instance_id, sgroups=exists(region, nil, verbose, vpcid, externalid)
+          return instance_id
+        end
+
+        def network_interface_json(region, verbose, vpcid, ip, groupname)
+          ec2_dir = File.dirname(__FILE__)
+          ip_to_subnet_id = @aws.ec2.subnet.id_by_ip(region, verbose, vpcid, ip)
+          subnet_id=ip_to_subnet_id
+          security_group_id= @aws.ec2.security_group.id_by_name(region, nil, verbose, vpcid, groupname)
+          new_hash= [{"Groups" => [security_group_id], "PrivateIpAddress" => "#{ip}", "DeviceIndex" => 0, "SubnetId" => ip_to_subnet_id}]
+          return new_hash.to_json
+        end
+
+        def block_device_mapping(region, owner, verbose, root_size, image_id)
+          image_descriptions=JSON.parse(view_images(region, 'json', owner, image_id, nil, verbose))
+          image_mappings=image_descriptions['Images'][0]["BlockDeviceMappings"]
+          image_root=image_descriptions['Images'][0]["RootDeviceName"]
+          image_mappings.each do |x|
+            if x["DeviceName"]==image_root
+              if x["Ebs"]["VolumeSize"].to_i > root_size.to_i
+                raise "The image root size is greater than the specified root size. image=#{x["Ebs"]["VolumeSize"]} > rootsize=#{root_size}"
+                exit 1
+              end
+              x["Ebs"]["VolumeSize"]=root_size.to_i
+              #You cannot specify the encrypted flag if specifying a snapshot id in a block device mapping. -AWS
+              x["Ebs"].delete("Encrypted") if x["Ebs"]["SnapshotId"]
+            end
+          end
+          return image_mappings.to_json
+        end
+
+        def random_clienttoken
+          (0...8).map { (65 + rand(26)).chr }.join
+        end
+
+        def placement_aggregate(zone, tenancy)
+          aggregate_value=[]
+          aggregate_value << "AvailabilityZone=#{zone}" if zone
+          aggregate_value << "Tenancy=#{tenancy}" if tenancy
+          aggregate_value.join(",")
+        end
+
+        def declare(externalid, image, owner, nodetype, root, zone, key, sgroup, privateip, optimized, apiterminate, clienttoken, region, textout, verbose, vpcid, nagios, ufile, no_sdcheck, skip_running_check, volsize, volume, tenancy, profilename, userdata)
+          if ufile
+            @undofile.prepend("zaws compute delete #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS", '#Delete instance', ufile)
+          end
+          compute_exists, instance_id, sgroups = exists(region, nil, verbose, vpcid, externalid)
+          return ZAWS::Helper::Output.binary_nagios_check(compute_exists, "OK: Instance already exists.", "CRITICAL: Instance does not exist.", textout) if nagios
+          if not compute_exists
+            clienttoken=random_clienttoken if not clienttoken
+            comline = "aws --region #{region} ec2 run-instances --image-id #{image} --key-name #{key} --instance-type #{nodetype}"
+            #comline = comline + " --user-data 'file://#{options[:userdata]}'" if options[:userdata]
+            comline = comline + " --placement #{placement_aggregate(zone, tenancy)}" if zone or tenancy
+            comline = comline + " --block-device-mappings \"#{block_device_mapping(region, owner, verbose, root, image).gsub("\"","\\\"")}\"" if root
+            comline = apiterminate ? comline + " --enable-api-termination" : comline + " --disable-api-termination"
+            comline = comline + " --client-token #{clienttoken}"
+            comline = comline + " --network-interfaces \"#{network_interface_json(region, verbose, vpcid, privateip[0], sgroup).gsub("\"","\\\"")}\"" if privateip # Difference between vpc and classic
+            #comline = comline + " --security-groups '#{options[:securitygroup]}'" if not options[:privateip]
+            comline = comline + " --iam-instance-profile Name=\"#{profilename}\"" if profilename
+            comline = comline + " --user-data \"file://#{userdata}\"" if userdata
+
+            comline = optimized ? comline + " --ebs-optimized" : comline + " --no-ebs-optimized"
+            newinstance=JSON.parse(@shellout.cli(comline, verbose))
+            ZAWS::Helper::Output.out_change(textout, "Instance created.") if (newinstance["Instances"] and newinstance["Instances"][0]["InstanceId"])
+            new_instanceid=newinstance["Instances"][0]["InstanceId"]
+            tag_resource(region, new_instanceid, externalid, verbose)
+            instance_running?(region, vpcid, externalid, 60, 5, verbose) if not skip_running_check
+            add_volume(region, new_instanceid, externalid, privateip, volume, zone, volsize, verbose) if volume
+            nosdcheck(region, new_instanceid, verbose) if no_sdcheck # Needed for NAT instances.
+          else
+            ZAWS::Helper::Output.out_no_op(textout, "Instance already exists. Creation skipped.")
+          end
+
+        end
+
+        def delete(region, textout=nil, verbose=nil, vpcid, externalid)
+          compute_exists, instance_id, sgroups = exists(region, nil, verbose, vpcid, externalid)
+          if compute_exists
+            comline = "aws --region #{region} ec2 terminate-instances --instance-ids #{instance_id}"
+            delinstance=JSON.parse(@shellout.cli(comline, verbose))
+            ZAWS::Helper::Output.out_change(textout, "Instance deleted.") if delinstance["TerimatingInstances"]
+          else
+            ZAWS::Helper::Output.out_no_op(textout, "Instance does not exist. Skipping deletion.")
+          end
+        end
+
+        def exists_security_group_assoc(region, textout, verbose, vpcid, externalid, sgroup)
+          compute_exists, instance_id, sgroups = exists(region, nil, verbose, vpcid, externalid)
+          sgroup_exists, sgroupid = @aws.ec2.security_group.exists(region, verbose, vpcid, sgroup)
+          verbose.puts "compute_exists=#{compute_exists}" if verbose
+          verbose.puts "sgroup_exists=#{sgroup_exists}" if verbose
+          verbose.puts "sgroups=#{sgroups}" if verbose
+          if compute_exists and sgroup_exists
+            assoc_exists = sgroups.any? { |z| z["GroupId"] == "#{sgroupid}" }
+            textout.puts assoc_exists.to_s if textout
+            return assoc_exists, instance_id, sgroupid
+          else
+            textout.puts false if textout
+            return false, instance_id, sgroupid
+          end
+        end
+
+        def assoc_security_group(region, textout, verbose, vpcid, externalid, sgroup)
+          assoc_exists, instance_id, sgroupid=exists_security_group_assoc(region, nil, verbose, vpcid, externalid, sgroup)
+          if not assoc_exists
+            comline = "aws --region #{region} ec2 modify-instance-attribute --instance-id #{instance_id} --groups #{sgroupid}"
+            verbose.puts "comline=#{comline}" if verbose
+            assocsgroup=JSON.parse(@shellout.cli(comline, verbose))
+            ZAWS::Helper::Output.out_change(textout, "Security Group Association Changed.") if assocsgroup["return"]=="true"
+          else
+            ZAWS::Helper::Output.out_no_op(textout, "Security Group Association Not Changed.")
+          end
+        end
+
+        def tag_resource(region, resourceid, externalid, verbose=nil)
+          comline="aws --output json --region #{region} ec2 create-tags --resources #{resourceid} --tags \"Key=externalid,Value=#{externalid}\""
+          tag_creation=@shellout.cli(comline, verbose)
+          comline="aws --output json --region #{region} ec2 create-tags --resources #{resourceid} --tags \"Key=Name,Value=#{externalid}\""
+          tag_creation=@shellout.cli(comline, verbose)
+        end
+
+        def nosdcheck(region, instanceid, verbose=nil)
+          comline = "aws --output json --region #{region} ec2 modify-instance-attribute --instance-id #{instanceid} --no-source-dest-check"
+          nosdcheck_result=JSON.parse(@shellout.cli(comline, verbose))
+        end
+
+        def instance_ping?(ip, statetimeout, sleeptime, verbose=nil)
+          begin
+            Timeout.timeout(statetimeout) do
+              begin
+                comline ="ping -q -c 2 #{ip}"
+                @shellout.cli(comline, verbose)
+              rescue Mixlib::ShellOut::ShellCommandFailed
+                sleep(sleeptime)
+                retry
+              end
+            end
+          rescue Timeout::Error
+            raise StandardError.new('Timeout before instance responded to ping.')
+          end
+          return true
+        end
+
+        def instance_running?(region, vpcid, externalid, statetimeout, sleeptime, verbose=nil)
+          begin
+            Timeout.timeout(statetimeout) do
+              begin
+                sleep(sleeptime)
+                query_instance=JSON.parse(view(region, 'json', nil, verbose, vpcid, externalid))
+              end while query_instance["Reservations"][0]["Instances"][0]["State"]["Code"]!=16
+            end
+          rescue Timeout::Error
+            raise StandardError.new('Timeout before instance state code set to running(16).')
+          end
+        end
+
+        def add_volume(region, instanceid, externalid, ip, volume, zone, volsize, verbose=nil)
+          comline = "aws --output json --region #{region} ec2 create-volume --availability-zone #{zone} --size #{volsize}"
+          new_volume=JSON.parse(@shellout.cli(comline, verbose))
+          new_volumeid=new_volume["VolumeId"]
+          tag_resource(region, new_volumeid, externalid, verbose)
+          if instance_ping?(ip, 10, 1)
+            comline = "aws --output json ec2 attach-volume --region #{region} --volume-id #{new_volumeid} --instance-id #{instanceid} --device #{volume}"
+            volattach=JSON.parse(@shellout.cli(comline, verbose))
+          end
+        end
+
+        def exists_secondary_ip(region, ip, textout, verbose, vpcid, externalid)
+          compute_exists, instance_id, sgroups = exists(region, nil, verbose, vpcid, externalid)
+          if compute_exists
+            query_instance=JSON.parse(view(region, 'json', nil, verbose, vpcid, externalid))
+            val = query_instance["Reservations"][0]["Instances"][0]["NetworkInterfaces"][0]["PrivateIpAddresses"].any? { |x| x["PrivateIpAddress"] == "#{ip}" }
+            netid = query_instance["Reservations"][0]["Instances"][0]["NetworkInterfaces"][0]["NetworkInterfaceId"]
+            textout.puts val.to_s if textout
+            return val, true, netid
+          else
+            return false, false, nil
+          end
+        end
+
+        def declare_secondary_ip(region, ip, textout, verbose, vpcid, externalid, nagios, ufile)
+          if ufile
+            @undofile.prepend("zaws compute delete_secondary_ip #{externalid} #{ip} --region #{region} --vpcid #{vpcid} $XTRA_OPTS", '#Delete secondary ip', ufile)
+          end
+          compute_exists, instance_id, sgroups = exists(region, nil, verbose, vpcid, externalid)
+          secondary_ip_exists, compute_exists, network_interface = exists_secondary_ip(region, ip, nil, verbose, vpcid, externalid)
+          return ZAWS::Helper::Output.binary_nagios_check(secondary_ip_exists, "OK: Secondary ip exists.", "CRITICAL: Secondary ip does not exist.", textout) if nagios
+          if not secondary_ip_exists and compute_exists
+            comline = "aws --output json --region #{region} ec2 assign-private-ip-addresses --network-interface-id \"#{network_interface}\" --private-ip-addresses \"#{ip}\""
+            assignreturn = JSON.parse(@shellout.cli(comline, verbose))
+            ZAWS::Helper::Output.out_change(textout, "Secondary ip assigned.") if assignreturn["return"] == "true"
+          else
+            ZAWS::Helper::Output.out_no_op(textout, "Secondary ip already exists. Skipping assignment.")
+          end
+        end
+
+        def delete_secondary_ip(region, ip, textout, verbose, vpcid, externalid)
+          secondary_ip_exists, compute_exists, network_interface = exists_secondary_ip(region, ip, nil, verbose, vpcid, externalid)
+          if secondary_ip_exists and compute_exists
+            comline = "aws --output json --region #{region} ec2 unassign-private-ip-addresses --network-interface-id \"#{network_interface}\" --private-ip-addresses \"#{ip}\""
+            assignreturn = JSON.parse(@shellout.cli(comline, verbose))
+            ZAWS::Helper::Output.out_change(textout, "Secondary ip deleted.") if assignreturn["return"] == "true"
+          else
+            ZAWS::Helper::Output.out_no_op(textout, "Secondary IP does not exists, skipping deletion.")
+          end
+        end
+
+        def interval_eligible(policy_arn=nil, region, textout, verbose)
+          @aws.awscli.command_iam.getPolicy.execute(policy_arn, 'json', verbose)
+          version=@aws.awscli.data_iam.policy.defaultVersion
+          @aws.awscli.command_iam.getPolicyVersion.execute(policy_arn, version, 'json', verbose)
+          instanceids = @aws.awscli.data_iam.policy_document.resource_instance_ids()
+          @aws.awscli.command_ec2.describeInstances.execute(region, 'json', {}, textout, verbose)
+          instancenames = @aws.awscli.data_ec2.instance.names_by_ids(instanceids)
+          textout.puts(instancenames) if textout
+        end
+
+        def set_interval(policy_arn=nil, name=nil, externalid=nil, hours, email, region, textout, verbose, overridebasetime)
+          @aws.awscli.command_iam.getPolicy.execute(policy_arn, 'json', verbose)
+          version=@aws.awscli.data_iam.policy.defaultVersion
+          @aws.awscli.command_iam.getPolicyVersion.execute(policy_arn, version, 'json', verbose)
+          allowed_instanceids = @aws.awscli.data_iam.policy_document.resource_instance_ids()
+          @aws.awscli.command_ec2.describeInstances.execute(region, 'json', {}, textout, verbose)
+          target_instanceid = @aws.awscli.data_ec2.instance.instanceid(name, externalid)
+          if allowed_instanceids =~ /#{target_instanceid}/
+            now_time = overridebasetime ? overridebasetime.to_i : Time.now.to_i
+            interval_time = now_time + (hours.to_i*60*60)
+            tag_value="#{now_time}:#{interval_time}:#{email}"
+            @aws.awscli.command_ec2.createTags.execute(target_instanceid, region, 'interval', tag_value, textout, verbose)
+            textout.puts("Instance #{name ? name : externalid} tagged: Key=interval,Value=#{tag_value}") if textout
+          else
+            textout.puts("Target instance is not in the allowed list accoring to the specified policy.")
+          end
+        end
+
+        def interval_cron(policy_arn=nil, region, textout, verbose, overridebasetime)
+          @aws.awscli.command_iam.getPolicy.execute(policy_arn, 'json', verbose)
+          version=@aws.awscli.data_iam.policy.defaultVersion
+          @aws.awscli.command_iam.getPolicyVersion.execute(policy_arn, version, 'json', verbose)
+          allowed_instanceids = @aws.awscli.data_iam.policy_document.resource_instance_ids()
+          @aws.awscli.command_ec2.describeInstances.execute(region, 'json', {}, textout, verbose)
+          allowed_instanceids.split("\n").each do |id|
+            instance_name = @aws.awscli.data_ec2.instance.name(id)
+            instance_externalid = @aws.awscli.data_ec2.instance.name(id)
+            instance_status = @aws.awscli.data_ec2.instance.status(instance_name, instance_externalid)
+            if @aws.awscli.data_ec2.instance.has_interval?(id)
+              interval_start = @aws.awscli.data_ec2.instance.interval_start(id)
+              interval_end = @aws.awscli.data_ec2.instance.interval_end(id)
+              interval_email = @aws.awscli.data_ec2.instance.interval_email(id)
+              now_time = overridebasetime ? overridebasetime.to_i : Time.now.to_i
+              verbose.puts "DEBUG: instance_name=#{instance_name},instance_externalid=#{instance_externalid}" if verbose
+              verbose.puts "DEBUG: instance_status=#{instance_status},interval_email=#{interval_email}" if verbose
+              verbose.puts "DEBUG: interval_start=#{interval_start},interval_end=#{interval_end}" if verbose
+              if now_time > interval_end.to_i and instance_status == "running"
+                @aws.awscli.command_ec2.stopInstances.execute(id, region, textout, verbose)
+                textout.puts("Instance #{instance_name} stopped.") if textout and instance_name
+              end
+              if now_time < interval_end.to_i and instance_status == "stopped"
+                @aws.awscli.command_ec2.runInstances.execute(id, region, textout, verbose)
+                textout.puts("Instance #{instance_name} started.") if textout and instance_name
+              end
+            else
+              textout.puts("Instance #{instance_name} does not have an interval set.")
+            end
+          end
+        end
+
+        def start(name=nil, externalid=nil, region, textout, verbose, skip_running_check)
+          @aws.awscli.command_ec2.describeInstances.execute(region, 'json', {}, textout, verbose)
+          instance_status = @aws.awscli.data_ec2.instance.status(name, externalid)
+          instance_id = @aws.awscli.data_ec2.instance.instanceid(name, externalid)
+          externalid = @aws.awscli.data_ec2.instance.externalid(instance_id)
+          case instance_status
+            when "stopped"
+              @aws.awscli.command_ec2.runInstances.execute(instance_id, region, textout, verbose)
+              instance_running?(region, nil, externalid, 60, 5, verbose) if not skip_running_check
+              textout.puts("Instance #{name} started.") if textout and name
+          end
+        end
+
+        def stop(name=nil, externalid=nil, region, textout, verbose, skip_running_check)
+          @aws.awscli.command_ec2.describeInstances.execute(region, 'json', {}, textout, verbose)
+          instance_status = @aws.awscli.data_ec2.instance.status(name, externalid)
+          instance_id = @aws.awscli.data_ec2.instance.instanceid(name, externalid)
+          externalid = @aws.awscli.data_ec2.instance.externalid(instance_id)
+          case instance_status
+            when "running"
+              @aws.awscli.command_ec2.stopInstances.execute(instance_id, region, textout, verbose)
+              textout.puts("Instance #{name} stopped.") if textout and name
+          end
+        end
+
+      end
+    end
+  end
+end