No project description provided
Project description
Slackbot for AWS EC2 Management
This repository contains a Slackbot that allows you to manage AWS EC2 instances directly from Slack. The bot is built with Python, using Flask for the web server and the slack-sdk
for interacting with the Slack API.
Features
- Launch EC2 instances for connecting with SSH.
- Start, stop and terminate EC2 instances.
- Change EC2 instance type.
- Create, attach, detach, and destroy EBS volumes.
- Optionally mount SageMaker Studio EFS or EBS volume.
- Warn users to consider terminating long-running EC2 instances.
Usage
The bot is designed to be used with Slack slash commands. The following commands are supported:
Command | Description |
---|---|
/ec2 key |
Upload your public SSH key for EC2 instances. This opens a modal where you can paste your public key. |
/ec2 up |
Launch an EC2 instance. This opens a modal where you can select the AMI, instance type, and other options. |
/ec2 down |
Terminate running EC2 instances. This opens a modal where you can select the instances to terminate. |
/ec2 change |
Modify the configuration of a running EC2 instance. This opens a modal where you can select the instance and the new instance type. |
/ec2 start |
Start stopped EC2 instances. This opens a modal where you can select the instances to start. |
/ec2 stop |
Stop running EC2 instances. This opens a modal where you can select the instances to stop. |
/ebs create |
Create the EBS volume (limited to one per user). This opens a modal where you can select the size. |
/ebs resize |
Resize the EBS volume. This opens a modal where you can select the new size. |
/ebs attach |
Attach the EBS volume to an EC2 instance. This opens a modal where you can select the instance to attach to. |
/ebs detach |
Detach the EBS volume from any EC2 instances. |
/ebs destroy please |
Destroy the EBS volume. |
Configuration
The bot's configuration is stored in a config.yaml
file. An example configuration is provided in config.yaml.example
. The configuration includes AWS region, subnet, and security group details, as well as AMI and instance type options.
SSM (Simple Systems Manager)
The instances establish a connection using SSH over SSM.
For AWS, you need to perform the following steps:
-
Create a role and attach the
AmazonSSMManagedInstanceCore
policy to it. Then, set theiam_instance_profile
inconfig.yaml
to the name of this profile. -
If your
subnet
is private, you will need to configure your VPC endpoints to allow SSM connections. -
Make sure your AWS account is set to have an "advanced activation tier":
aws ssm update-service-setting \ --setting-id arn:aws:ssm:<region>:<account>:servicesetting/ssm/managed-instance/activation-tier \ --setting-value advanced
-
Ensure that the IAM policy for the user includes the following permissions to start an SSM session:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ssm:StartSession", "Resource": [ "arn:aws:ec2:*", "arn:aws:ssm:*:*:document/AWS-StartSSHSession" ], "Condition": { "BoolIfExists": { "ssm:SessionDocumentAccessCheck": "true" } } } ] }
For your local machine, you need to:
-
Insert the following lines into your
~/.ssh/config
:# >>> AWS SSM config >>> Host i-* mi-* StrictHostKeyChecking accept-new ForwardAgent yes ProxyCommand aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters "portNumber=%p" # <<< AWS SSM config <<<
After these configurations, users can SSH into instances using:
ssh ubuntu@i-... # i-... is the instance id
Mount SageMaker Studio EFS
The "classic" version of SageMaker Studio mounts a shared EFS drive on all instances. One key advantage of using a regular EC2 instance is the ability to run docker
directly, unlike SageMaker Studio apps which operate within a docker container.
In order to mount the EFS folder associated with the Slack user, you need to specify the efs_ip
of the EFS that corresponds to the subnet
, and the sagemaker_studio_domain_id
in the config.yaml
file. Additionally, the security_groups
should incorporate the security-group-for-outbound-nfs
used by SageMaker Studio. The Slack user name should correspond to the SageMaker Studio user name (except that dots are replaced with hyphens).
Mount EBS
Every Slack user can create an EBS volume with the /ec2 create_volume
command, which they can mount at /home
. During the initial setup, the volume will be formatted, and the /home
directory will be configured. EBS volumes offer higher performance compared to EFS due to their non-networked nature, but they are typically limited to being attached to a single EC2 instance at a time.
If you choose not to mount the EBS at /home
, you can use it as an additional device. For more details, refer to the section "Common Operations with EBS Volumes".
Note: EBS volumes of type io1
and io2
support multi-attach, but this requires a cluster setup.
Deployment Steps
-
Install the necessary dependencies by running
make install
in your terminal. Alternatively you can runpip install ec2-slackbot
. -
Create a new Slack app. This app will interact with your deployment.
-
Update the
.env
file with yourSLACK_BOT_TOKEN
andSLACK_SIGNING_SECRET
. These are essential for the Slack app to function correctly. -
Start the application by executing
make run
orec2-slackbot --config=config.yaml
in your terminal. This will start the server on port 3000. To make the server accessible publicly, you can use a tool likengrok
to forward the port. -
Configure your Slack app with the following manifest settings:
... features: bot_user: display_name: EC2 always_online: false slash_commands: - command: /ec2 url: https://<your-url>/slack/commands description: EC2 usage_hint: key | up | down | change | start | stop should_escape: false - command: /ebs url: https://<your-url>/slack/commands description: EBS usage_hint: create | resize | attach | detach | destroy should_escape: false oauth_config: scopes: bot: - chat:write - commands - im:write - users:read settings: interactivity: is_enabled: true request_url: https://<your-url>/slack/events ...
-
Ensure the IAM role assigned to
ec2-slackbot
includes the following permissions to manage EC2 instances and EBS volumes:{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:RunInstances", "ec2:TerminateInstances", "ec2:DescribeVolumes", "ec2:StopInstances", "ec2:StartInstances", "ec2:ModifyInstanceAttribute", "ec2:CreateVolume", "ec2:DeleteVolume", "ec2:AttachVolume", "ec2:DetachVolume", "ec2:ModifyVolume", "ec2:DescribeKeyPairs", "ec2:ImportKeyPair", "ec2:DeleteKeyPair", "sagemaker:DescribeUserProfile" ], "Resource": [ "arn:aws:ec2:*", "arn:aws:sagemaker:*" ] } ] }
Common Operations with EBS Volumes
The EBS device will either be /dev/xvdh
or /dev/nvme1n1
depending on the type of the EC2 instance.
if [ -e /dev/xvdh ]; then
device=/dev/xvdh
else
device=/dev/nvme1n1
fi
To format the EBS volume:
sudo mkfs -L ebs_volume -t ext4 $device
To mount the EBS volume at /mnt
and ensure it is mounted automatically after a reboot:
echo "LABEL=ebs_volume /mnt ext4 defaults,nofail 0 2" | sudo tee -a /etc/fstab
If you resize the EBS volume with /ec2 resize_volume
then you will need to run
sudo resize2fs $device
Development
If you want to make changes to the code, it is recommended that you run make install-dev
to install the development dependencies. This will install the necessary packages for testing and formatting the code, as well as the pre-commit
hooks.
Tests can be run using make test
. The tests are run using localstack
to simulate AWS services locally. For this to work, you need to have docker
and the docker compose
plugin installed on your machine. Once you have finished testing, you can stop localstack
by running make stop-localstack
.
Alternatively, you run the tests on your AWS infrastructure with make test-on-aws
. This will run the tests on your AWS account, so make sure you have the necessary permissions and configurations set up.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file ec2_slackbot-0.1.2.tar.gz
.
File metadata
- Download URL: ec2_slackbot-0.1.2.tar.gz
- Upload date:
- Size: 17.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.12 Linux/5.15.0-112-generic
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 98fa62328ad6ccd4b5a99aa92b16fa95ada19bace6cd15c1553b31febea28195 |
|
MD5 | 7d8bb02b7ff0573cfa592e21ad3eb949 |
|
BLAKE2b-256 | fad248b47ba4ecef623258ec3b262da94d7ce403f8b0eda766f20478adf27b41 |
File details
Details for the file ec2_slackbot-0.1.2-py3-none-any.whl
.
File metadata
- Download URL: ec2_slackbot-0.1.2-py3-none-any.whl
- Upload date:
- Size: 16.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.12 Linux/5.15.0-112-generic
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | b2f6defccb0a6bfe57376f167c6d5085596b49276bd7918982de8efbc1943c20 |
|
MD5 | 6b89cba621910413c86bce2b64cbfe49 |
|
BLAKE2b-256 | 2fd8baef40c45f408075ea597e78dcbe16987e6363546e9a94022d6d82feca86 |