Amazon EC2 Driver Documentation

Amazon Elastic Compute Cloud (EC2) is one of the oldest IaaS service providers out there and a central part of Amazon.com’s cloud computing platform, Amazon Web Services (AWS).

../../_images/aws.png

It allows users to rent virtual servers in more than 15 regions such as:

  • US East (Northern Virginia) Region
  • US East (Ohio) Region
  • US West (Oregon) Region
  • US West (Northern California) Region
  • GovCloud (US) Region
  • Canada (Central) Region
  • EU West (Ireland) Region
  • EU West (London) Region
  • EU Central (Frankfurt) Region
  • Asia Pacific (Singapore) Region
  • Asia Pacific (Sydney) Region
  • Asia Pacific (Tokyo) Region
  • Asia Pacific (Seoul) Region
  • Asia Pacific (Mumbai) Region
  • China (Beijing) Region
  • South America (Sao Paulo) Region

Note that pricing information is not available for China (Beijing) region.

Using temporary security credentials

Since Libcloud 0.14.0, all the Amazon drivers support using temporary security credentials.

Temporary credentials can be used by passing token argument to the driver constructor in addition to the access and secret key. In this case token represents a temporary session token, access key represents temporary access key and secret key represents a temporary secret key.

For example:

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

cls = get_driver(Provider.EC2)
driver = cls('temporary access key', 'temporary secret key',
             token='temporary session token', region="us-west-1")

For more information, please refer to the Using Temporary Security Credentials section of the official documentation.

Examples

Allocate, Associate, Disassociate, and Release an Elastic IP

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

ACCESS_ID = 'your access id'
SECRET_KEY = 'your secret key'

IMAGE_ID = 'ami-c8052d8d'
SIZE_ID = 't1.micro'

cls = get_driver(Provider.EC2)
driver = cls(ACCESS_ID, SECRET_KEY, region="us-west-1")

sizes = driver.list_sizes()
images = driver.list_images()

size = [s for s in sizes if s.id == SIZE_ID][0]
image = [i for i in images if i.id == IMAGE_ID][0]

node = driver.create_node(name='test-node', image=image, size=size)

# Here we allocate and associate an elastic IP
elastic_ip = driver.ex_allocate_address()
driver.ex_associate_address_with_node(node, elastic_ip)

# When we are done with our elastic IP, we can disassociate from our
# node, and release it
driver.ex_disassociate_address(elastic_ip)
driver.ex_release_address(elastic_ip)

Create a general purpose SSD volume

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

cls = get_driver(Provider.EC2)
driver = cls('access key', 'secret key', region='us-east-i1')

volume = driver.create_volume(size=100, name='Test GP volume',
                              ex_volume_type='gp2')

Create a provisioned IOPS volume

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

cls = get_driver(Provider.EC2)
driver = cls('access key', 'secret key', region='us-east-i1')

volume = driver.create_volume(size=100, name='Test IOPS volume',
                              ex_volume_type='io1', ex_iops=1000)

API Docs

class libcloud.compute.drivers.ec2.BaseEC2NodeDriver(key, secret=None, secure=True, host=None, port=None, api_version=None, region=None, **kwargs)[source]

Base Amazon EC2 node driver.

Used for main EC2 and other derivate driver classes to inherit from it.

Parameters:
  • key (str) – API key or username to be used (required)
  • secret (str) – Secret password to be used (required)
  • secure (bool) – Whether to use HTTPS or HTTP. Note: Some providers only support HTTPS, and it is on by default.
  • host (str) – Override hostname used for connections.
  • port (int) – Override port used for connections.
  • api_version (str) – Optional API version. Only used by drivers which support multiple API versions.
  • region (str) – Optional driver region. Only used by drivers which support multiple regions.
Return type:

None

attach_volume(node, volume, device)[source]

Attaches volume to node.

Parameters:
  • node (Node) – Node to attach volume to.
  • volume (StorageVolume) – Volume to attach.
  • device (str) – Where the device is exposed, e.g. ‘/dev/sdb’
Rytpe:

bool

connectionCls

alias of EC2Connection

copy_image(image, source_region, name=None, description=None)[source]

Copy an Amazon Machine Image from the specified source region to the current region.

@inherits: NodeDriver.copy_image

Parameters:
  • source_region (str) – The region where the image resides
  • image (NodeImage) – Instance of class NodeImage
  • name (str) – The name of the new image
  • description (str) – The description of the new image
Returns:

Instance of class NodeImage

Return type:

NodeImage

create_image(node, name, description=None, reboot=False, block_device_mapping=None)[source]

Create an Amazon Machine Image based off of an EBS-backed instance.

@inherits: NodeDriver.create_image

Parameters:
  • node – Instance of Node
  • name (str) – The name for the new image
  • block_device_mapping (list of dict) – A dictionary of the disk layout An example of this dict is included below.
  • reboot (bool) – Whether or not to shutdown the instance before creation. Amazon calls this NoReboot and sets it to false by default to ensure a clean image.
  • description (str) – An optional description for the new image

An example block device mapping dictionary is included:

mapping = [{‘VirtualName’: None,
‘Ebs’: {‘VolumeSize’: 10,
‘VolumeType’: ‘standard’, ‘DeleteOnTermination’: ‘true’}, ‘DeviceName’: ‘/dev/sda1’}]
Returns:Instance of class NodeImage
Return type:NodeImage
create_key_pair(name)[source]

Create a new key pair object.

Parameters:name (str) – Key pair name.
create_node(**kwargs)[source]

Create a new EC2 node.

Reference: http://bit.ly/8ZyPSy [docs.amazonwebservices.com]

@inherits: NodeDriver.create_node

Parameters:
  • ex_keyname (str) – The name of the key pair
  • ex_userdata (str) – User data
  • ex_security_groups (list) – A list of names of security groups to assign to the node.
  • ex_security_group_ids (list) – A list of ids of security groups to assign to the node.[for VPC nodes only]
  • ex_metadata (dict) – Key/Value metadata to associate with a node
  • ex_mincount (int) – Minimum number of instances to launch
  • ex_maxcount (int) – Maximum number of instances to launch
  • ex_clienttoken (str) – Unique identifier to ensure idempotency
  • ex_blockdevicemappings (list of dict) – list of dict block device mappings.
  • ex_iamprofile (str) – Name or ARN of IAM profile
  • ex_ebs_optimized (bool) – EBS-Optimized if True
  • ex_subnet (EC2Subnet) – The subnet to launch the instance into.
  • ex_placement_group (str) – The name of the placement group to launch the instance into.
  • ex_assign_public_ip (bool) – If True, the instance will be assigned a public ip address. Note : It takes takes a short while for the instance to be assigned the public ip so the node returned will NOT have the public ip assigned yet.
  • ex_terminate_on_shutdown (bool) – Indicates if the instance should be terminated instead of just shut down when using the operating systems command for system shutdown.
create_volume(size, name, location=None, snapshot=None, ex_volume_type='standard', ex_iops=None, ex_encrypted=False, ex_kms_key_id=None)[source]

Create a new volume.

Parameters:
  • size (int) – Size of volume in gigabytes (required)
  • name (str) – Name of the volume to be created
  • location (ExEC2AvailabilityZone) – Which data center to create a volume in. If empty, undefined behavior will be selected. (optional)
  • snapshot (VolumeSnapshot) – Snapshot from which to create the new volume. (optional)
  • location – Datacenter in which to create a volume in.
  • ex_volume_type (str) – Type of volume to create.
  • iops (int) – The number of I/O operations per second (IOPS) that the volume supports. Only used if ex_volume_type is io1.
  • ex_encrypted (bool) – Specifies whether the volume should be encrypted.
  • ex_kms_key_id (str) – The full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. Example: arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123 -456a-a12b-a123b4cd56ef. Only used if encrypted is set to True.
Returns:

The newly created volume.

Return type:

StorageVolume

create_volume_snapshot(volume, name=None)[source]

Create snapshot from volume

Parameters:
  • volume (StorageVolume) – Instance of StorageVolume
  • name (str) – Name of snapshot (optional)
Return type:

VolumeSnapshot

delete_image(image)[source]

Deletes an image at Amazon given a NodeImage object

@inherits: NodeDriver.delete_image

Parameters:image – Instance of NodeImage
Return type:bool
delete_key_pair(key_pair)[source]

Delete an existing key pair.

Parameters:key_pair (KeyPair) – Key pair object.
deploy_node(**kwargs)

Create a new node, and start deployment.

In order to be able to SSH into a created node access credentials are required.

A user can pass either a NodeAuthPassword or NodeAuthSSHKey to the auth argument. If the create_node implementation supports that kind if credential (as declared in self.features['create_node']) then it is passed on to create_node. Otherwise it is not passed on to create_node and it is only used for authentication.

If the auth parameter is not supplied but the driver declares it supports generates_password then the password returned by create_node will be used to SSH into the server.

Finally, if the ssh_key_file is supplied that key will be used to SSH into the server.

This function may raise a DeploymentException, if a create_node call was successful, but there is a later error (like SSH failing or timing out). This exception includes a Node object which you may want to destroy if incomplete deployments are not desirable.

>>> from libcloud.compute.drivers.dummy import DummyNodeDriver
>>> from libcloud.compute.deployment import ScriptDeployment
>>> from libcloud.compute.deployment import MultiStepDeployment
>>> from libcloud.compute.base import NodeAuthSSHKey
>>> driver = DummyNodeDriver(0)
>>> key = NodeAuthSSHKey('...') # read from file
>>> script = ScriptDeployment("yum -y install emacs strace tcpdump")
>>> msd = MultiStepDeployment([key, script])
>>> def d():
...     try:
...         driver.deploy_node(deploy=msd)
...     except NotImplementedError:
...         print ("not implemented for dummy driver")
>>> d()
not implemented for dummy driver

Deploy node is typically not overridden in subclasses. The existing implementation should be able to handle most such.

Parameters:
  • deploy (Deployment) – Deployment to run once machine is online and available to SSH.
  • ssh_username (str) – Optional name of the account which is used when connecting to SSH server (default is root)
  • ssh_alternate_usernames (list) – Optional list of ssh usernames to try to connect with if using the default one fails
  • ssh_port (int) – Optional SSH server port (default is 22)
  • ssh_timeout (float) – Optional SSH connection timeout in seconds (default is 10)
  • auth (NodeAuthSSHKey or NodeAuthPassword) – Initial authentication information for the node (optional)
  • ssh_key (str or list of str) – A path (or paths) to an SSH private key with which to attempt to authenticate. (optional)
  • timeout (int) – How many seconds to wait before timing out. (default is 600)
  • max_tries (int) – How many times to retry if a deployment fails before giving up (default is 3)
  • ssh_interface (str) – The interface to wait for. Default is ‘public_ips’, other option is ‘private_ips’.
destroy_node(node)[source]

Destroy a node.

Depending upon the provider, this may destroy all data associated with the node, including backups.

Parameters:node (Node) – The node to be destroyed
Returns:True if the destroy was successful, False otherwise.
Return type:bool
destroy_volume(volume)[source]

Destroys a storage volume.

Parameters:volume (StorageVolume) – Volume to be destroyed
Return type:bool
destroy_volume_snapshot(snapshot)[source]

Destroys a snapshot.

Parameters:snapshot (VolumeSnapshot) – The snapshot to delete
Return type:bool
detach_volume(volume, ex_force=False)[source]

Detaches a volume from a node.

Parameters:volume (StorageVolume) – Volume to be detached
Return type:bool
ex_allocate_address(domain='standard')[source]

Allocate a new Elastic IP address for EC2 classic or VPC

Parameters:domain (str) – The domain to allocate the new address in (standard/vpc)
Returns:Instance of ElasticIP
Return type:ElasticIP
ex_associate_address_with_node(node, elastic_ip, domain=None)[source]

Associate an Elastic IP address with a particular node.

Parameters:
  • node (Node) – Node instance
  • elastic_ip (ElasticIP) – Elastic IP instance
  • domain (str) – The domain where the IP resides (vpc only)
Returns:

A string representation of the association ID which is required for VPC disassociation. EC2/standard addresses return None

Return type:

None or str

ex_associate_addresses(node, elastic_ip, domain=None)[source]

Note: This method has been deprecated in favor of the ex_associate_address_with_node method.

ex_associate_route_table(route_table, subnet)[source]

Associates a route table with a subnet within a VPC.

Note: A route table can be associated with multiple subnets.

Parameters:
  • route_table (EC2RouteTable) – The route table to associate.
  • subnet (EC2Subnet) – The subnet to associate with.
Returns:

Route table association ID.

Return type:

str

ex_attach_internet_gateway(gateway, network)[source]

Attach an Internet gateway to a VPC

Parameters:
  • gateway (VPCInternetGateway) – The gateway to attach
  • network (EC2Network) – The VPC network to attach to
Return type:

bool

ex_attach_network_interface_to_node(network_interface, node, device_index)[source]

Attach a network interface to an instance.

Parameters:
  • network_interface (EC2NetworkInterface) – EC2NetworkInterface instance
  • node (Node) – Node instance
  • device_index (int) – The interface device index
Returns:

String representation of the attachment id. This is required to detach the interface.

Return type:

str

ex_authorize_security_group(name, from_port, to_port, cidr_ip, protocol='tcp')[source]

Edit a Security Group to allow specific traffic.

@note: This is a non-standard extension API, and only works for EC2.

Parameters:
  • name (str) – The name of the security group to edit
  • from_port (str) – The beginning of the port range to open
  • to_port (str) – The end of the port range to open
  • cidr_ip (str) – The ip to allow traffic for.
  • protocol (str) – tcp/udp/icmp
Return type:

bool

ex_authorize_security_group_egress(id, from_port, to_port, cidr_ips, group_pairs=None, protocol='tcp')[source]

Edit a Security Group to allow specific egress traffic using CIDR blocks or either a group ID, group name or user ID (account). This call is not supported for EC2 classic and only works for VPC groups.

Parameters:
  • id (str) – The id of the security group to edit
  • from_port (int) – The beginning of the port range to open
  • to_port (int) – The end of the port range to open
  • cidr_ips (list) – The list of ip ranges to allow traffic for.
  • group_pairs (list of dict) –

    Source user/group pairs to allow traffic for. More info can be found at http://goo.gl/stBHJF

    EC2 Classic Example: To allow access from any system associated with the default group on account 1234567890

    [{‘group_name’: ‘default’, ‘user_id’: ‘1234567890’}]

    VPC Example: Allow access from any system associated with security group sg-47ad482e on your own account

    [{‘group_id’: ‘ sg-47ad482e’}]

  • protocol (str) – tcp/udp/icmp
Return type:

bool

ex_authorize_security_group_ingress(id, from_port, to_port, cidr_ips=None, group_pairs=None, protocol='tcp', description=None)[source]

Edit a Security Group to allow specific ingress traffic using CIDR blocks or either a group ID, group name or user ID (account).

Parameters:
  • id (str) – The id of the security group to edit
  • from_port (int) – The beginning of the port range to open
  • to_port (int) – The end of the port range to open
  • cidr_ips (list) – The list of IP ranges to allow traffic for.
  • group_pairs (list of dict) –

    Source user/group pairs to allow traffic for. More info can be found at http://goo.gl/stBHJF

    EC2 Classic Example: To allow access from any system associated with the default group on account 1234567890

    [{‘group_name’: ‘default’, ‘user_id’: ‘1234567890’}]

    VPC example: To allow access from any system associated with security group sg-47ad482e on your own account

    [{‘group_id’: ‘ sg-47ad482e’}]

  • protocol (str) – tcp/udp/icmp
  • description (str) – description to be added to the rules inserted
Return type:

bool

ex_authorize_security_group_permissive(name)[source]

Edit a Security Group to allow all traffic.

@note: This is a non-standard extension API, and only works for EC2.

Parameters:name (str) – The name of the security group to edit
Return type:list of str
ex_change_node_size(node, new_size)[source]

Change the node size. Note: Node must be turned of before changing the size.

Parameters:
  • node (Node) – Node instance
  • new_size (NodeSize) – NodeSize instance
Returns:

True on success, False otherwise.

Return type:

bool

ex_create_internet_gateway(name=None)[source]

Delete a VPC Internet gateway

Return type:bool
ex_create_keypair(name)[source]

Creates a new keypair

@note: This is a non-standard extension API, and only works for EC2.

Parameters:name (str) – The name of the keypair to Create. This must be unique, otherwise an InvalidKeyPair.Duplicate exception is raised.
Return type:dict
ex_create_network(cidr_block, name=None, instance_tenancy='default')[source]

Create a network/VPC

Parameters:
  • cidr_block (str) – The CIDR block assigned to the network
  • name (str) – An optional name for the network
  • instance_tenancy (str) – The allowed tenancy of instances launched into the VPC. Valid values: default/dedicated
Returns:

Dictionary of network properties

Return type:

dict

ex_create_network_interface(subnet, name=None, description=None, private_ip_address=None)[source]

Create a network interface within a VPC subnet.

Parameters:
  • subnet (EC2NetworkSubnet) – EC2NetworkSubnet instance
  • name (str) – Optional name of the interface
  • description (str) – Optional description of the network interface
  • private_ip_address (str) – Optional address to assign as the primary private IP address of the interface. If one is not provided then Amazon will automatically auto-assign an available IP. EC2 allows assignment of multiple IPs, but this will be the primary.
Returns:

EC2NetworkInterface instance

Return type:

:class EC2NetworkInterface

ex_create_placement_group(name)[source]

Creates a new placement group.

Parameters:name (str) – The name for the new placement group
Return type:bool
ex_create_route(route_table, cidr, internet_gateway=None, node=None, network_interface=None, vpc_peering_connection=None)[source]

Creates a route entry in the route table.

Parameters:
  • route_table (EC2RouteTable) – The route table to create the route in.
  • cidr (str) – The CIDR block used for the destination match.
  • internet_gateway (VPCInternetGateway) – The Internet gateway to route traffic through.
  • node (Node) – The NAT instance to route traffic through.
  • network_interface (EC2NetworkInterface) – The network interface of the node to route traffic through.
  • vpc_peering_connection (VPCPeeringConnection) – The VPC peering connection.
Return type:

bool

Note: You must specify one of the following: internet_gateway,
node, network_interface, vpc_peering_connection.
ex_create_route_table(network, name=None)[source]

Creates a route table within a VPC.

Parameters:vpc_id (EC2Network) – The VPC that the subnet should be created in.
Return type:
class:.EC2RouteTable
ex_create_security_group(name, description, vpc_id=None)[source]

Creates a new Security Group in EC2-Classic or a targeted VPC.

Parameters:
  • name (str) – The name of the security group to create. This must be unique.
  • description (str) – Human readable description of a Security Group.
  • vpc_id (str) – Optional identifier for VPC networks
Return type:

dict

ex_create_subnet(vpc_id, cidr_block, availability_zone, name=None)[source]

Creates a network subnet within a VPC.

Parameters:
  • vpc_id (str) – The ID of the VPC that the subnet should be associated with
  • cidr_block (str) – The CIDR block assigned to the subnet
  • availability_zone (str) – The availability zone where the subnet should reside
  • name (str) – An optional name for the network
Return type:

class:EC2NetworkSubnet

ex_create_tags(resource, tags)[source]

Creates tags for a resource (Node or StorageVolume).

Parameters:
  • resource (Node or StorageVolume or VolumeSnapshot) – The resource to be tagged
  • tags (dict) – A dictionary or other mapping of strings to strings, associating tag names with tag values.
Return type:

bool

ex_delete_internet_gateway(gateway)[source]

Deletes a VPC Internet gateway.

Parameters:gateway (VPCInternetGateway) – The gateway to delete
Return type:bool
ex_delete_keypair(keypair)[source]

Deletes a key pair by name.

@note: This is a non-standard extension API, and only works with EC2.

Parameters:keypair (str) – The name of the keypair to delete.
Return type:bool
ex_delete_network(vpc)[source]

Deletes a network/VPC.

Parameters:vpc (EC2Network) – VPC to delete.
Return type:bool
ex_delete_network_interface(network_interface)[source]

Deletes a network interface.

Parameters:network_interface (EC2NetworkInterface) – EC2NetworkInterface instance
Return type:bool
ex_delete_placement_group(name)[source]

Deletes a placement group.

Parameters:name (str) – The placement group name
Return type:bool
ex_delete_route(route_table, cidr)[source]

Deletes a route entry from the route table.

Parameters:
  • route_table (EC2RouteTable) – The route table to delete the route from.
  • cidr (str) – The CIDR block used for the destination match.
Return type:

bool

ex_delete_route_table(route_table)[source]

Deletes a VPC route table.

Parameters:route_table (EC2RouteTable) – The route table to delete.
Return type:bool
ex_delete_security_group(name)[source]

A wrapper method which calls ex_delete_security_group_by_name.

Parameters:name (str) – The name of the security group
Return type:bool
ex_delete_security_group_by_id(group_id)[source]

Deletes a new Security Group using the group ID.

Parameters:group_id (str) – The ID of the security group
Return type:bool
ex_delete_security_group_by_name(group_name)[source]

Deletes a new Security Group using the group name.

Parameters:group_name (str) – The name of the security group
Return type:bool
ex_delete_subnet(subnet)[source]

Deletes a VPC subnet.

Parameters:subnet (EC2NetworkSubnet) – The subnet to delete
Return type:bool
ex_delete_tags(resource, tags)[source]

Deletes tags from a resource.

Parameters:
  • resource (Node or StorageVolume) – The resource to be tagged
  • tags (dict) – A dictionary or other mapping of strings to strings, specifying the tag names and tag values to be deleted.
Return type:

bool

ex_describe_addresses(nodes)[source]

Returns Elastic IP addresses for all the nodes in the provided list.

Parameters:nodes (list of Node) – A list of Node instances
Returns:Dictionary where a key is a node ID and the value is a list with the Elastic IP addresses associated with this node.
Return type:dict
ex_describe_addresses_for_node(node)[source]

Returns a list of Elastic IP Addresses associated with this node.

Parameters:node (Node) – Node instance
Returns:List Elastic IP Addresses attached to this node.
Return type:list of str
ex_describe_all_addresses(only_associated=False)[source]

Returns all the Elastic IP addresses for this account optionally, returns only addresses associated with nodes.

Parameters:only_associated (bool) – If true, return only the addresses that are associated with an instance.
Returns:List of Elastic IP addresses.
Return type:list of ElasticIP
ex_describe_all_keypairs()[source]

Returns names for all the available key pairs.

@note: This is a non-standard extension API, and only works for EC2.

Return type:list of str
ex_describe_import_snapshot_tasks(import_task_id, dry_run=None)[source]

Describes your import snapshot tasks. More information can be found at https://goo.gl/CI0MdS.

Parameters:
  • import_task_id (str) – Import task Id for the current Import Snapshot Task
  • dry_run (bool) – Checks whether you have the permission for the action, without actually making the request, and provides an error response.(optional)
Return type:

:class:DescribeImportSnapshotTasks Object

ex_describe_keypair(name)[source]

Describes a keypair by name.

@note: This is a non-standard extension API, and only works for EC2.

Parameters:name (str) – The name of the keypair to describe.
Return type:dict
ex_describe_keypairs(name)[source]

Here for backward compatibility.

ex_describe_tags(resource)[source]

Returns a dictionary of tags for a resource (e.g. Node or StorageVolume).

Parameters:resource (any resource class, such as Node, StorageVolume, or :class:NodeImage`) – The resource to be used
Returns:A dictionary of Node tags
Return type:dict
ex_describe_volumes_modifications(dry_run=False, volume_ids=None, filters=None)[source]

Describes one or more of your volume modifications.

Parameters:
  • dry_run (bool) – dry_run
  • volume_ids (dict) – The volume_ids so that the response includes information for only said volumes
  • filters (dict) – The filters so that the response includes information for only certain volumes
Returns:

List of volume modification status objects

Return type:

list of :class:`VolumeModification

ex_detach_internet_gateway(gateway, network)[source]

Detaches an Internet gateway from a VPC.

Parameters:
  • gateway (VPCInternetGateway) – The gateway to detach
  • network (EC2Network) – The VPC network to detach from
Return type:

bool

ex_detach_network_interface(attachment_id, force=False)[source]

Detach a network interface from an instance.

Parameters:
  • attachment_id (str) – The attachment ID associated with the interface
  • force (bool) – Forces the detachment.
Returns:

True on successful detachment, False otherwise.

Return type:

bool

ex_disassociate_address(elastic_ip, domain=None)[source]

Disassociates an Elastic IP address using the IP (EC2-Classic) or the association ID (VPC).

Parameters:
  • elastic_ip (ElasticIP) – ElasticIP instance
  • domain (str) – The domain where the IP resides (vpc only)
Returns:

True on success, False otherwise.

Return type:

bool

ex_dissociate_route_table(subnet_association)[source]

Dissociates a subnet from a route table.

Parameters:subnet_association (EC2SubnetAssociation or str) – The subnet association object or subnet association ID.
Return type:bool
ex_find_or_import_keypair_by_key_material(pubkey)[source]

Given a public key, look it up in the EC2 KeyPair database. If it exists, return any information we have about it. Otherwise, create it.

Keys that are created are named based on their comment and fingerprint.

Return type:dict
ex_get_console_output(node)[source]

Gets console output for the node.

Parameters:node (Node) – Node which should be used
Returns:A dictionary with the following keys: - instance_id (str) - timestamp (datetime.datetime) - last output timestamp - output (str) - console output
Return type:dict
ex_get_limits()[source]

Retrieve account resource limits.

Return type:dict
ex_get_metadata_for_node(node)[source]

Returns the metadata associated with the node.

Parameters:node (Node) – Node instance
Returns:A dictionary or other mapping of strings to strings, associating tag names with tag values.
Rtype tags:dict
ex_get_security_groups(group_ids=None, group_names=None, filters=None)[source]

Returns a list of EC2SecurityGroup objects for the current region.

Parameters:
  • group_ids (list) – Returns only groups matching the provided group IDs.
  • group_names – Returns only groups matching the provided group names.
  • filters (dict) – The filters so that the list returned includes information for specific security groups only.
Return type:

list of EC2SecurityGroup

ex_import_keypair(name, keyfile)[source]

Imports a new public key where the public key is passed via a filename.

@note: This is a non-standard extension API, and only works for EC2.

Parameters:
  • name (str) – The name of the public key to import. This must be unique, otherwise an InvalidKeyPair. Duplicate exception is raised.
  • keyfile (str) – The filename with the path of the public key to import.
Return type:

dict

ex_import_keypair_from_string(name, key_material)[source]

Imports a new public key where the public key is passed in as a string.

@note: This is a non-standard extension API, and only works for EC2.

Parameters:
  • name (str) – The name of the public key to import. This must be unique, otherwise an InvalidKeyPair.Duplicate exception is raised.
  • key_material (str) – The contents of a public key file.
Return type:

dict

ex_import_snapshot(client_data=None, client_token=None, description=None, disk_container=None, dry_run=None, role_name=None)[source]

Imports a disk into an EBS snapshot. More information can be found at https://goo.gl/sbXkYA.

Parameters:
  • client_data (dict) – Describes the client specific data (optional)
  • client_token (str) – The token to enable idempotency for VM import requests.(optional)
  • description (str) – The description string for the import snapshot task.(optional)
:param disk_container:The disk container object for the
import snapshot request.

:type disk_container:dict

Parameters:
  • dry_run (bool) – Checks whether you have the permission for the action, without actually making the request, and provides an error response.(optional)
  • role_name (str) – The name of the role to use when not using the default role, ‘vmimport’.(optional)
Return type:

class:VolumeSnapshot

ex_list_availability_zones(only_available=True)[source]

Returns a list of ExEC2AvailabilityZone objects for the current region.

Note: This is an extension method and is only available for EC2 driver.

Parameters:only_available (str) – If true, returns only availability zones with state ‘available’
Return type:list of ExEC2AvailabilityZone
ex_list_internet_gateways(gateway_ids=None, filters=None)[source]

Describes available Internet gateways and whether or not they are attached to a VPC. These are required for VPC nodes to communicate over the Internet.

Parameters:
  • gateway_ids (list) – Returns only Internet gateways matching the provided Internet gateway IDs. If not specified, a list of all the Internet gateways in the corresponding region is returned.
  • filters (dict) – The filters so the list returned inclues information for certain gateways only.
Return type:

list of VPCInternetGateway

ex_list_keypairs()[source]

Lists all the keypair names and fingerprints.

Return type:list of dict
ex_list_network_interfaces()[source]

Returns all network interfaces.

Returns:List of EC2NetworkInterface instances
Return type:list of :class EC2NetworkInterface
ex_list_networks(network_ids=None, filters=None)[source]

Returns a list of EC2Network objects for the current region.

Parameters:
  • network_ids (list) – Returns only networks matching the provided network IDs. If not specified, a list of all the networks in the corresponding region is returned.
  • filters (dict) – The filters so that the list returned includes information for certain networks only.
Return type:

list of EC2Network

ex_list_placement_groups(names=None)[source]

A list of placement groups.

Parameters:names (list of str) – Placement Group names
Return type:list of EC2PlacementGroup
ex_list_reserved_nodes()[source]

Lists all reserved instances/nodes which can be purchased from Amazon for one or three year terms. Reservations are made at a region level and reduce the hourly charge for instances.

More information can be found at http://goo.gl/ulXCC7.

Return type:list of EC2ReservedNode
ex_list_route_tables(route_table_ids=None, filters=None)[source]

Describes one or more of a VPC’s route tables. These are used to determine where network traffic is directed.

Parameters:
  • route_table_ids (list) – Returns only route tables matching the provided route table IDs. If not specified, a list of all the route tables in the corresponding region is returned.
  • filters (dict) – The filters so that the list returned includes information for certain route tables only.
Return type:

list of EC2RouteTable

ex_list_security_groups()[source]

Lists existing Security Groups.

@note: This is a non-standard extension API, and only works for EC2.

Return type:list of str
ex_list_subnets(subnet_ids=None, filters=None)[source]

Returns a list of EC2NetworkSubnet objects for the current region.

Parameters:
  • subnet_ids (list) – Returns only subnets matching the provided subnet IDs. If not specified, a list of all the subnets in the corresponding region is returned.
  • filters (dict) – The filters so that the list returned includes information for certain subnets only.
Return type:

list of EC2NetworkSubnet

ex_modify_image_attribute(image, attributes)[source]

Modifies image attributes.

Parameters:
  • image (NodeImage) – NodeImage instance
  • attributes (dict) – A dictionary with node attributes
Returns:

True on success, False otherwise.

Return type:

bool

ex_modify_instance_attribute(node, attributes)[source]

Modify node attributes. A list of valid attributes can be found at http://goo.gl/gxcj8

Parameters:
  • node (Node) – Node instance
  • attributes (dict) – Dictionary with node attributes
Returns:

True on success, False otherwise.

Return type:

bool

ex_modify_snapshot_attribute(snapshot, attributes)[source]

Modify Snapshot attributes.

Parameters:
  • snapshot – VolumeSnapshot instance
  • attributes (dict) – Dictionary with snapshot attributes
Returns:

True on success, False otherwise.

Return type:

bool

ex_modify_volume(volume, parameters)[source]

Modify volume parameters. A list of valid parameters can be found at https://goo.gl/N0rPEQ

Parameters:
  • volume (Volume) – Volume instance
  • parameters (dict) – Dictionary with updated volume parameters
Returns:

Volume modification status object

Return type:

:class:`VolumeModification

ex_register_image(name, description=None, architecture=None, image_location=None, root_device_name=None, block_device_mapping=None, kernel_id=None, ramdisk_id=None, virtualization_type=None, ena_support=None, billing_products=None, sriov_net_support=None)[source]

Registers an Amazon Machine Image based off of an EBS-backed instance. Can also be used to create images from snapshots. More information can be found at http://goo.gl/hqZq0a.

Parameters:
  • name (str) – The name for the AMI being registered
  • description (str) – The description of the AMI (optional)
  • architecture (str) – The architecture of the AMI (i386/x86_64) (optional)
  • image_location (str) – The location of the AMI within Amazon S3 Required if registering an instance store-backed AMI
  • root_device_name (str) – The device name for the root device Required if registering an EBS-backed AMI
  • block_device_mapping (dict) – A dictionary of the disk layout (optional)
  • kernel_id (str) – Kernel id for AMI (optional)
  • ramdisk_id (str) – RAM disk for AMI (optional)
  • virtualization_type (str) – The type of virtualization for the AMI you are registering, paravirt or hvm (optional)
  • ena_support (bool) – Enable enhanced networking with Elastic Network Adapter for the AMI
  • billing_products (''list'') – The billing product codes
  • sriov_net_support (str) – Set to “simple” to enable enhanced networking with the Intel 82599 Virtual Function interface
Return type:

NodeImage

ex_release_address(elastic_ip, domain=None)[source]

Releases an Elastic IP address using the IP (EC2-Classic) or using the allocation ID (VPC).

Parameters:
  • elastic_ip (ElasticIP) – Elastic IP instance
  • domain (str) – The domain where the IP resides (vpc only)
Returns:

True on success, False otherwise.

Return type:

bool

ex_replace_route(route_table, cidr, internet_gateway=None, node=None, network_interface=None, vpc_peering_connection=None)[source]

Replaces an existing route entry within a route table in a VPC.

Parameters:
  • route_table (EC2RouteTable) – The route table to replace the route in.
  • cidr (str) – The CIDR block used for the destination match.
  • internet_gateway (VPCInternetGateway) – The new internet gateway to route traffic through.
  • node (Node) – The new NAT instance to route traffic through.
  • network_interface (EC2NetworkInterface) – The new network interface of the node to route traffic through.
  • vpc_peering_connection (VPCPeeringConnection) – The new VPC peering connection.
Return type:

bool

Note: You must specify one of the following: internet_gateway,
node, network_interface, vpc_peering_connection.
ex_replace_route_table_association(subnet_association, route_table)[source]

Changes the route table associated with a given subnet in a VPC.

Note: This method can be used to change which table is the main route
table in the VPC (Specify the main route table’s association ID and the route table to be the new main route table).
Parameters:
  • subnet_association (EC2SubnetAssociation or str) – The subnet association object or subnet association ID.
  • route_table (EC2RouteTable) – The new route table to associate.
Returns:

A new route table association ID.

Return type:

str

ex_revoke_security_group_egress(id, from_port, to_port, cidr_ips=None, group_pairs=None, protocol='tcp')[source]

Edit a Security Group to revoke specific egress traffic using CIDR blocks or either a group ID, group name or user ID (account). This call is not supported for EC2 classic and only works for VPC groups.

Parameters:
  • id (str) – The id of the security group to edit
  • from_port (int) – The beginning of the port range to open
  • to_port (int) – The end of the port range to open
  • cidr_ips (list) – The list of ip ranges to allow traffic for.
  • group_pairs (list of dict) –

    Source user/group pairs to allow traffic for. More info can be found at http://goo.gl/stBHJF

    EC2 Classic Example: To allow access from any system associated with the default group on account 1234567890

    [{‘group_name’: ‘default’, ‘user_id’: ‘1234567890’}]

    VPC Example: Allow access from any system associated with security group sg-47ad482e on your own account

    [{‘group_id’: ‘ sg-47ad482e’}]

  • protocol (str) – tcp/udp/icmp
Return type:

bool

ex_revoke_security_group_ingress(id, from_port, to_port, cidr_ips=None, group_pairs=None, protocol='tcp')[source]

Edits a Security Group to revoke specific ingress traffic using CIDR blocks or either a group ID, group name or user ID (account).

Parameters:
  • id (str) – The ID of the security group to edit
  • from_port (int) – The beginning of the port range to open
  • to_port (int) – The end of the port range to open
  • cidr_ips (list) – The list of ip ranges to allow traffic for.
  • group_pairs (list of dict) –

    Source user/group pairs to allow traffic for. More info can be found at http://goo.gl/stBHJF

    EC2 Classic Example: To allow access from any system associated with the default group on account 1234567890

    [{‘group_name’: ‘default’, ‘user_id’: ‘1234567890’}]

    VPC Example: Allow access from any system associated with security group sg-47ad482e on your own account

    [{‘group_id’: ‘ sg-47ad482e’}]

  • protocol (str) – tcp/udp/icmp
Return type:

bool

ex_start_node(node)[source]

Starts the node by passing in the node object, does not work with instance store backed instances.

Parameters:node (Node) – The node to be used
Return type:bool
ex_stop_node(node)[source]

Stops the node by passing in the node object, does not work with instance store backed instances

Parameters:node (Node) – The node to be used
Return type:bool
get_image(image_id)[source]

Gets an image based on an image_id.

Parameters:image_id (str) – Image identifier
Returns:A NodeImage object
Return type:NodeImage
get_key_pair(name)[source]

Retrieve a single key pair.

Parameters:name (str) – Name of the key pair to retrieve.
Return type:KeyPair
import_key_pair_from_file(name, key_file_path)

Import a new public key from string.

Parameters:
  • name (str) – Key pair name.
  • key_file_path (str) – Path to the public key file.
Return type:

KeyPair object

import_key_pair_from_string(name, key_material)[source]

Import a new public key from string.

Parameters:
  • name (str) – Key pair name.
  • key_material (str) – Public key material.
Return type:

KeyPair object

list_images(location=None, ex_image_ids=None, ex_owner=None, ex_executableby=None, ex_filters=None)[source]

Lists all images @inherits: NodeDriver.list_images

Ex_image_ids parameter is used to filter the list of images that should be returned. Only the images with the corresponding image IDs will be returned.

Ex_owner parameter is used to filter the list of images that should be returned. Only the images with the corresponding owner will be returned. Valid values: amazon|aws-marketplace|self|all|aws id

Ex_executableby parameter describes images for which the specified user has explicit launch permissions. The user can be an AWS account ID, self to return images for which the sender of the request has explicit launch permissions, or all to return images with public launch permissions. Valid values: all|self|aws id

Ex_filters parameter is used to filter the list of images that should be returned. Only images matching the filter will be returned.

Parameters:
  • ex_image_ids (list of str) – List of NodeImage.id
  • ex_owner (str) – Owner name
  • ex_executableby (str) – Executable by
  • ex_filters (dict) – Filter by
Return type:

list of NodeImage

list_key_pairs()[source]

List all the available key pair objects.

Return type:list of KeyPair objects
list_locations()[source]

List data centers for a provider

Returns:list of node location objects
Return type:list of NodeLocation
list_nodes(ex_node_ids=None, ex_filters=None)[source]

Lists all nodes.

Ex_node_ids parameter is used to filter the list of nodes that should be returned. Only the nodes with the corresponding node IDs will be returned.

Parameters:
  • ex_node_ids (list of str) – List of node.id
  • ex_filters (dict) – The filters so that the list includes information for certain nodes only.
Return type:

list of Node

list_sizes(location=None)[source]

List sizes on a provider

Parameters:location (NodeLocation) – The location at which to list sizes
Returns:list of node size objects
Return type:list of NodeSize
list_snapshots(snapshot=None, owner=None)[source]

Describes all snapshots.

Parameters:
  • snapshot – If provided, only returns snapshot information for the provided snapshot.
  • owner (str) – The owner of the snapshot: self|amazon|ID
Return type:

list of VolumeSnapshot

list_volume_snapshots(volume)[source]

List snapshots for a storage volume.

Return type:list of VolumeSnapshot
list_volumes(node=None)[source]

List storage volumes.

Return type:list of StorageVolume
reboot_node(node)[source]

Reboot a node.

Parameters:node (Node) – The node to be rebooted
Returns:True if the reboot was successful, otherwise False
Return type:bool
wait_until_running(nodes, wait_period=3, timeout=600, ssh_interface='public_ips', force_ipv4=True, ex_list_nodes_kwargs=None)

Block until the provided nodes are considered running.

Node is considered running when it’s state is “running” and when it has at least one IP address assigned.

Parameters:
  • nodes (list of Node) – List of nodes to wait for.
  • wait_period (int) – How many seconds to wait between each loop iteration. (default is 3)
  • timeout (int) – How many seconds to wait before giving up. (default is 600)
  • ssh_interface (str) – Which attribute on the node to use to obtain an IP address. Valid options: public_ips, private_ips. Default is public_ips.
  • force_ipv4 (bool) – Ignore IPv6 addresses (default is True).
  • ex_list_nodes_kwargs (dict) – Optional driver-specific keyword arguments which are passed to the list_nodes method.
Returns:

[(Node, ip_addresses)] list of tuple of Node instance and list of ip_address on success.

Return type:

list of tuple