How to use create_client_vpn_endpoint method in localstack

Best Python code snippet using localstack_python

create.py

Source:create.py Github


# ... excerpt starts inside a function whose header and first steps are not shown.
# The visible tail runs the remaining setup steps in order and stops at the
# first one that reports failure.
        return False
    success = get_dns_servers(options)
    if not success:
        return False
    success = create_client_vpn_endpoint(options)
    if not success:
        return False
    success = add_cidr_to_all_security_groups(options)
    if not success:
        return False
    return True


def add_cidr_to_all_security_groups(options):
    """
    Adds the VPN CIDR to all security groups that would block traffic.

    If there is a security group with a rule allowing all traffic from all
    sources then no change is applied to that security group.

    If there is a security group allowing traffic coming from only a specific
    IP address then this function adds a rule to allow traffic from the VPN CIDR.

    This is noisy.

    :param options: Options passed as command line arguments by the user
    :return: True if all security groups were modified to allow all traffic from the VPN CIDR
    """
    # The behaviour described above is not implemented: no security group is
    # read or modified here and the function always reports success.
    # TODO: Implement this feature
    return True


def create_acm_certs(options):
    """
    Create the ACM resources

    Imports the server certificate and then the client certificate into ACM,
    each with its private key and the CA certificate as chain, and records
    the returned ARNs in the state object.

    :param options: Options passed as command line arguments by the user
    :return: True if all the resources were successfully created
    """
    # The region is hard-coded; the profile comes from the command line options.
    session = boto3.Session(profile_name=options.profile,
                            region_name='us-east-1')
    acm_client = session.client('acm')
    # State is defined outside this excerpt; presumably a key/value store
    # shared between the setup steps -- TODO confirm.
    state = State()
    try:
        # The private key file named in the state is read and sent to ACM.
        response = acm_client.import_certificate(
            Certificate=read_file_b(state.get('server_crt')),
            PrivateKey=read_file_b(state.get('server_key')),
            CertificateChain=read_file_b(state.get('ca_crt')),
        )
    except Exception as e:
        # Any failure (file read or API error) is reported and turned into False.
        print('Failed to import server certificate: %s' % e)
        return False
    else:
        state.append('server_cert_acm_arn', response['CertificateArn'])
    try:
        response = acm_client.import_certificate(
            Certificate=read_file_b(state.get('client_crt')),
            PrivateKey=read_file_b(state.get('client_key')),
            CertificateChain=read_file_b(state.get('ca_crt')),
        )
    except Exception as e:
        # NOTE(review): when this second import fails, the server certificate
        # imported above stays in ACM; no cleanup is visible in this function.
        print('Failed to import client certificate: %s' % e)
        return False
    else:
        state.append('client_cert_acm_arn', response['CertificateArn'])
    print('Successfully created certificates in ACM')
    return True


def get_cidr_block(options):
    """
    This is the CIDR block for the VPN clients.

    We'll be the only ones connecting to this VPN so a /30 is more than enough,
    but it is very important for us to choose a CIDR block that:

        * Doesn't overlap with the client's local network (usually 192.168.0.0/24
          or 10.0.0.0/16)

        * Doesn't overlap with any of the CIDR blocks defined in the target account,
          blocks defined in VPC peerings, etc.

    Ideally it should be a CIDR block that is adjacent to the VPC CIDR.
    For example if the VPC has 10.0.0.0/24 we should choose 10.0.1.0/30 to benefit
    from potential security groups which are allowing access to 10.0.0.0/16.

    :param options: Options passed as command line arguments by the user
    :return: True if we were able to find a CIDR block for the VPN client
    """
    # None of the selection logic described in the docstring is implemented:
    # `options` is not read and a fixed /16 is stored, with no overlap check.
    state = State()
    state.append('cidr_block', '10.2.0.0/16')
    # NOTE(review): AWS Client VPN accepts a client CIDR block size between
    # /12 and /22, so the /30 or /29 named in the docstring and in the TODO
    # below would be rejected by create_client_vpn_endpoint.
    # TODO: Choose a /30 or /29 CIDR block! Larger has more chances of collision
    print('Using CIDR block %s' % state.get('cidr_block'))
    return True


def get_dns_servers(options):
    """
    Get the DNS servers for the VPN connection.

    If the target VPC has a custom set of DNS servers (most likely internal or
    route53 servers) use those. They will allow us to better map the internal
    network.

    If there are no custom DNS servers set in the VPC just use:

        * 1.1.1.1
        * 8.8.8.8

    :param options: Options passed as command line arguments by the user
    :return: True if we were able to get the DNS servers for the VPN
    """
    state = State()
    # Only the fallback is implemented: `options` is not read and the VPC is
    # not queried. DEFAULT_DNS_SERVERS is defined outside this excerpt;
    # presumably the two addresses listed in the docstring -- TODO confirm.
    # TODO: Implement custom DNS according to remote config
    state.append('dns_server_list', DEFAULT_DNS_SERVERS)
    print('Using DNS servers: %s' % ', '.join(state.get('dns_server_list')))
    return True


def create_client_vpn_endpoint(options):
    """
    Create client VPN endpoint

        aws ec2 create-client-vpn-endpoint ...

    :param options: Options passed as command line arguments by the user
    :return: the original text says "True if all the SSL certs were
             successfully created", which looks copied from another function;
             the return statements are outside this excerpt.
    """
    state = State()
    # NOTE(review): the profile is read from the state here, while
    # create_acm_certs reads options.profile -- confirm both name the same profile.
    session = boto3.Session(profile_name=state.get('profile'),
                            region_name='us-east-1')
    ec2_client = session.client('ec2')
    #
    # aws ec2 create-client-vpn-endpoint
    #
    try:
        response = ec2_client.create_client_vpn_endpoint(
            ClientCidrBlock=state.get('cidr_block'),
            ServerCertificateArn=state.get('server_cert_acm_arn'),
            # Mutual TLS: clients authenticate with a certificate that chains
            # to the certificate imported as 'client_cert_acm_arn'.
            AuthenticationOptions=[
                {'Type': 'certificate-authentication',
                 'MutualAuthentication': {
                     'ClientRootCertificateChainArn': state.get('client_cert_acm_arn')
                 }}
            ],
            # Connection logging is off, so client connections to this endpoint
            # are not written to CloudWatch Logs. For monitoring: the
            # CreateClientVpnEndpoint call itself is still recorded by
            # CloudTrail as a management event.
            ConnectionLogOptions={
                'Enabled': False,
            },
            DnsServers=state.get('dns_server_list'),
            TransportProtocol='udp',
            # Only route some traffic to the VPN, internet traffic will...
            # ... excerpt ends here; the remaining arguments, the except
            # clause and the return statements are not shown.


vpn-setup.py

Source:vpn-setup.py Github


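# ... excerpt starts inside a literal whose opening lines are not shown.
    }
]
# Split the comma-separated ID strings. The filter uses c.strip() rather than
# `not c.isspace()`: ''.isspace() is False, so an empty element produced by a
# trailing or doubled comma used to survive as '' and be passed on as an ID.
security_group_ids = [c.strip() for c in security_groups.split(',') if c.strip()]
# public_subnet_ids is not used by the call below; presumably it is consumed
# later, outside this excerpt.
public_subnet_ids = [c.strip() for c in public_subnets.split(',') if c.strip()]
# client_cidr, server_cert, authn_options, connection_log, description,
# split_tunnel, tags and vpc_id are defined outside this excerpt.
response = client.create_client_vpn_endpoint(
    ClientCidrBlock=client_cidr,
    ServerCertificateArn=server_cert,
    AuthenticationOptions=authn_options,
    ConnectionLogOptions=connection_log,
    DnsServers=[],
    TransportProtocol='udp',
    Description=description,
    SplitTunnel=split_tunnel,
    VpnPort=443,
    DryRun=False,
    TagSpecifications=tags,
    # Security groups applied to the endpoint's target network associations;
    # they bound what connected clients can reach inside the VPC.
    SecurityGroupIds=security_group_ids,
    VpcId=vpc_id,
)
# ... excerpt ends here.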


create_vpn.py

Source:create_vpn.py Github


# ... excerpt starts inside a call whose opening line is not shown.
    GroupId=sg_id,
    # Protocol '-1' with the group itself as source: all traffic between
    # members of sg_id is allowed.
    IpPermissions=[{'IpProtocol': '-1', 'FromPort': -1, 'ToPort': -1, 'UserIdGroupPairs': [{ 'GroupId': sg_id}] }],
)
print("Creating VPN endpoint")
res = ec2.create_client_vpn_endpoint(
    ClientCidrBlock=vpn_cidr,
    ServerCertificateArn=cert_server["CertificateArn"],
    # The server certificate's ARN is also given as the client root chain,
    # presumably because client certificates are issued by the same CA.
    # Every certificate that chains to it is then accepted as a client, so
    # issuance and revocation at that CA are the real access control.
    AuthenticationOptions=[{"Type":"certificate-authentication", "MutualAuthentication": {"ClientRootCertificateChainArn": cert_server["CertificateArn"]}}],
    SplitTunnel=True,
    VpcId=vpc_id,
    SecurityGroupIds=[sg_id],
    # Connection logging is enabled. The log group and stream are referenced
    # by name; their creation is not visible in this excerpt.
    ConnectionLogOptions={"Enabled": True, "CloudwatchLogGroup": "vpn-client-logs" , "CloudwatchLogStream": "connections"},
    TagSpecifications=[{"ResourceType": "client-vpn-endpoint", "Tags":[{"Key": "Name", "Value": vpn_name}]}]
)
vpn_id = res["ClientVpnEndpointId"]
print("Associating subnet")
ec2.associate_client_vpn_target_network(ClientVpnEndpointId=vpn_id, SubnetId=subnet_id)
print("Adding authorization")
# NOTE(review): this authorizes every authenticated client for every
# destination (0.0.0.0/0). Restricting TargetNetworkCidr to the VPC or to the
# subnets clients actually need is the least-privilege setting; with this
# rule, only sg_id and the route table limit reachability.
ec2.authorize_client_vpn_ingress(ClientVpnEndpointId=vpn_id, TargetNetworkCidr="0.0.0.0/0", AuthorizeAllGroups=True)
# ... excerpt ends here.

