Topics

AWS PHP Service Discovery

Service Discovery is a simple PHP command to collect and store AWS information such as EC2s and RDSs in the current region and save them with their credentials into an encrypted JSON file on S3. The script later notifies each service via SSH and executes the service discovery client on each instance. Each client downloads the JSON file and uses it to configure different applications. It can easily be automated through Rundeck or Jenkins to be executed after each deploy.

Service Discovery is part of AWS PHP Commands.

Usage:

> php console.php aws:services:discover -h
Usage:
  aws:services:discover [options]

Options:
  -f, --forceNotify[=FORCENOTIFY]          Force Notify [default: false]
  -e, --notifyOnly[=NOTIFYONLY]            Notify only one of dev,prod [default: false]
  -c, --continueOnError[=CONTINUEONERROR]  Continue to next EC2 on client failure [default: false]
  -h, --help                               Display this help message
  -q, --quiet                              Do not output any message
  -V, --version                            Display this application version
      --ansi                               Force ANSI output
      --no-ansi                            Disable ANSI output
  -n, --no-interaction                     Do not ask any interactive question
  -v|vv|vvv, --verbose                     Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Help:
 Discovers services information and credentials.


Configuration
  • Required Environment Variables
    • AWS Keys: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
    • Encryption passwords : DEV_ENC_PASS for dev environment and PROD_ENC_PASS for production environment (currently set as “prod_test”).
  • endec.sh:
    • AwsPhpCommands/data/endec/endec.sh is bash script that uses OpenSSL for encrypting/decrypting files.
    • The password used for encryption ENC_PASS should be added to your environment variables depending on the environment to use with Service Discovery Client.
  • Services Credentials:
    • All services credentials are saved and encrypted using endec.sh script in keys/service-discovery/credentials.json.enc file.
    • To decrypt the file use
      export $PROD_ENC_PASS=prod_test; ./data/endec/endec.sh -o keys/service-discovery/ -d keys/service-discovery/credentials.json.enc
    • To encrypt back use
      export $PROD_ENC_PASS=prod_test; ./data/endec/endec.sh -o keys/service-discovery/ -e keys/service-discovery/credentials.json
  • \AwsPhpCommands\ServiceDiscovery\ServiceDiscoveryCommand::S3_BUCKET is the S3 bucket name.
  • \AwsPhpCommands\ServiceDiscovery\ServiceDiscoveryCommand::$WHITE_LIST_CIDRS contains a whitelist of IP ranges.
  • Services Discovery Client:
    • The service logs into each instance via SSH and executes /root/service-discovery-client.sh script to download the services-info.json.enc file from S3 and decrypt it.
    • All private keys should be added in /root/.ssh/ directory on the same server running the Service Discovery.
    • \AwsPhpCommands\ServiceDiscovery\ServiceDiscoveryCommand::$KEYNAME_LOGINS contains the EC2 key name as key and login username as value.
    Example JSON
    {
      "servicesInfo": {
        "ec2s": {
          "instance-name-prod": [
            {
              "id": "i-62882e2f",
              "name": "instance-name-prod",
              "keyName": "key-example",
              "publicIp": "74.125.224.72",
              "privateIp": "172.31.5.119",
              "securityGroup": "group_prod",
              "vpcId": "vpc-cd4x23ef",
              "tags": {
                "Name": "instance-name-prod"
              },
              "credentials": {
                "someService": {
                  "username": "user_prod",
                  "password": "prod_pass"
                }
              }
            }
          ]
        },
        "rdss": {
          "rds-name-prod": {
            "id": "rds-name-prod",
            "name": "rds-name-prod",
            "endpoint": "rds-name-prod.dfgadfg4df.us-west-1.rds.amazonaws.com",
            "securityGroup": "sg-2b2c86fd",
            "port": 3306,
            "credentials": {
              "dbOne": {
                "username": "user_prod",
                "dbName": "db_prod",
                "password": "prod_pass"
              },
              "dbTwo": {
                "username": "user_prod",
                "dbName": "db_prod",
                "password": "prod_pass"
              }
            }
          }
        },
        "servicesCredentials": {
          "instance-name-prod": {
            "someService": {
              "username": "user_prod",
              "password": "prod_pass"
            }
          },
          "instance-name-dev": {
            "someService": {
              "username": "user_dev",
              "password": "dev_pass"
            }
          },
          "rds-name-prod": {
            "dbOne": {
              "username": "user_prod",
              "dbName": "db_prod",
              "password": "prod_pass"
            },
            "dbTwo": {
              "username": "user_prod",
              "dbName": "db_prod",
              "password": "prod_pass"
            }
          },
          "rds-name-dev": {
            "dbOne": {
              "username": "user_dev",
              "dbName": "db_dev",
              "password": "dev_pass"
            },
            "dbTwo": {
              "username": "user_dev",
              "dbName": "db_dev",
              "password": "dev_pass"
            }
          }
        },
        "publicIps": [
          "74.125.224.72"
        ],
        "privateIps": [
          "172.31.5.119",
          "172.31.1.10"
        ],
        "whiteListCidrs": [
          "64.18.0.0\/20",
          "172.31.0.0\/16",
          "74.125.224.72\/32",
        ]
      }
    }
    

    By continuing to use the site, you agree to the use of cookies. more information

    The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

    Close