How to use create_client_vpn_endpoint method in localstack

Best Python code snippet using localstack_python

create.py

Source:create.py

...154        return False155    success = get_dns_servers(options)156    if not success:157        return False158    success = create_client_vpn_endpoint(options)159    if not success:160        return False161    success = add_cidr_to_all_security_groups(options)162    if not success:163        return False164    return True165def add_cidr_to_all_security_groups(options):166    """167    Adds the VPN CIDR to all security groups that would block traffic.168    If there is a security group with a rule allowing all traffic from all169    sources then no change is applied to that security group.170    If there is a security group allowing traffic coming from only a specific171    IP address then this function adds a rule to allow traffic from the VPN CIDR.172    This is noisy.173    :param options: Options passed as command line arguments by the user174    :return: True if all security groups were modified to allow all traffic from the VPN CIDR175    """176    # TODO: Implement this feature177    return True178def create_acm_certs(options):179    """180    Create the ACM resources181    :param options: Options passed as command line arguments by the user182    :return: True if all the resources were successfully created183    """184    session = boto3.Session(profile_name=options.profile,185                            region_name='us-east-1')186    acm_client = session.client('acm')187    state = State()188    try:189        response = acm_client.import_certificate(190            Certificate=read_file_b(state.get('server_crt')),191            PrivateKey=read_file_b(state.get('server_key')),192            CertificateChain=read_file_b(state.get('ca_crt')),193        )194    except Exception as e:195        print('Failed to import server certificate: %s' % e)196        return False197    else:198        state.append('server_cert_acm_arn', response['CertificateArn'])199    try:200        response = acm_client.import_certificate(201            Certificate=read_file_b(state.get('client_crt')),202            PrivateKey=read_file_b(state.get('client_key')),203            CertificateChain=read_file_b(state.get('ca_crt')),204        )205    except Exception as e:206        print('Failed to import client certificate: %s' % e)207        return False208    else:209        state.append('client_cert_acm_arn', response['CertificateArn'])210    print('Successfully created certificates in ACM')211    return True212def get_cidr_block(options):213    """214    This is the CIDR block for the VPN clients.215    We'll be the only ones connecting to this VPN so a /30 is more than enough,216    but it is very important for us to choose a CIDR block that:217        * Doesn't overlap with the client's local network (usually 192.168.0.0/24218          or 10.0.0.0/16)219        * Doesn't overlap with any of the CIDR blocks defined in the target account,220          blocks defined in VPC peerings, etc.221    Ideally it should be a CIDR block that is adjacent to the VPC CIDR.222    For example if the VPC has 10.0.0.0/24 we should choose 10.0.1.0/30 to benefit223    from potential security groups which are allowing access to 10.0.0.0/16.224    :param options: Options passed as command line arguments by the user225    :return: True if we were able to find a CIDR block for the VPN client226    """227    state = State()228    state.append('cidr_block', '10.2.0.0/16')229    # TODO: Choose a /30 or /29 CIDR block! Larger has more changes of collision230    print('Using CIDR block %s' % state.get('cidr_block'))231    return True232def get_dns_servers(options):233    """234    Get the DNS servers for the VPN connection.235    If the target VPC has a custom set of DNS servers (most likely internal or236    route53 servers) use those. They will allow us to better map the internal237    network.238    If there are no custom DNS servers set in the VPC just use:239        * 1.1.1.1240        * 8.8.8.8241    :param options: Options passed as command line arguments by the user242    :return: True if we were able to get the DNS servers for the VPN243    """244    state = State()245    # TODO: Implement custom DNS according to remote config246    state.append('dns_server_list', DEFAULT_DNS_SERVERS)247    print('Using DNS servers: %s' % ', '.join(state.get('dns_server_list')))248    return True249def create_client_vpn_endpoint(options):250    """251    Create client VPN endpoint252        aws ec2 create-client-vpn-endpoint ...253    :param options: Options passed as command line arguments by the user254    :return: True if all the SSL certs were successfully created255    """256    state = State()257    session = boto3.Session(profile_name=state.get('profile'),258                            region_name='us-east-1')259    ec2_client = session.client('ec2')260    #261    #    aws ec2 create-client-vpn-endpoint262    #263    try:264        response = ec2_client.create_client_vpn_endpoint(265            ClientCidrBlock=state.get('cidr_block'),266            ServerCertificateArn=state.get('server_cert_acm_arn'),267            AuthenticationOptions=[268                {'Type': 'certificate-authentication',269                 'MutualAuthentication': {270                     'ClientRootCertificateChainArn': state.get('client_cert_acm_arn')271                 }}272            ],273            ConnectionLogOptions={274                'Enabled': False,275            },276            DnsServers=state.get('dns_server_list'),277            TransportProtocol='udp',278            # Only route some traffic to the VPN, internet traffic will...

vpn-setup.py

Source:vpn-setup.py

...85            }86        ]87        security_group_ids = [c.strip() for c in security_groups.split(',') if not c.isspace()]88        public_subnet_ids = [c.strip() for c in public_subnets.split(',') if not c.isspace()]89        response = client.create_client_vpn_endpoint(90            ClientCidrBlock=client_cidr,91            ServerCertificateArn=server_cert,92            AuthenticationOptions=authn_options,93            ConnectionLogOptions=connection_log,94            DnsServers=[],95            TransportProtocol='udp',96            Description=description,97            SplitTunnel=split_tunnel,98            VpnPort=443,99            DryRun=False,100            TagSpecifications=tags,101            SecurityGroupIds=security_group_ids,102            VpcId=vpc_id,103        )...

create_vpn.py

Source:create_vpn.py

...67        GroupId=sg_id, 68        IpPermissions=[{'IpProtocol': '-1', 'FromPort': -1, 'ToPort': -1, 'UserIdGroupPairs': [{ 'GroupId': sg_id}] }],69    )70print("Creating VPN endpoint")71res = ec2.create_client_vpn_endpoint(72    ClientCidrBlock=vpn_cidr, 73    ServerCertificateArn=cert_server["CertificateArn"],74    AuthenticationOptions=[{"Type":"certificate-authentication", "MutualAuthentication": {"ClientRootCertificateChainArn": cert_server["CertificateArn"]}}],75    SplitTunnel=True,76    VpcId=vpc_id,77    SecurityGroupIds=[sg_id],78    ConnectionLogOptions={"Enabled": True, "CloudwatchLogGroup": "vpn-client-logs" , "CloudwatchLogStream": "connections"},79    TagSpecifications=[{"ResourceType": "client-vpn-endpoint", "Tags":[{"Key": "Name", "Value": vpn_name}]}]80    )81vpn_id = res["ClientVpnEndpointId"]82print("Associating subnet")83ec2.associate_client_vpn_target_network(ClientVpnEndpointId=vpn_id, SubnetId=subnet_id)84print("Adding authorization")85ec2.authorize_client_vpn_ingress(ClientVpnEndpointId=vpn_id, TargetNetworkCidr="0.0.0.0/0", AuthorizeAllGroups=True)...

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.