For advanced users, Amazon Web Services supports the Boto Python scripting interface for finer-grained control of instances in your Amazon virtual private clouds. You use the Boto Python interface on a separate computer as an AWS API client. Knowledge of Python and Bash scripting and use of Boto are required for effective use of API clients with the AWS API Proxy.

Note

After setting up your AWS API Proxy for management of the Infoblox Grid and VPC resources in your cloud, ensure that all of your Cloud API users begin using the organization's AWS API Proxy addresses instead of the conventional AWS API service endpoints.


Setting Up an API Client

Note

After defining the AWS API hostnames in the client system’s /etc/hosts configuration file as described in this section, any AWS API client should be able to work with the AWS API Proxy. For illustrative purposes, this document describes use of the Boto AWS API client library. For detailed information on the AWS Boto interface, see https://boto.readthedocs.org/en/latest/.


You begin the Amazon API client configuration by defining the DNS CNAME aliases for the Infoblox vNIOS for AWS instance that will act as the AWS API Proxy. (For this section, we assume use of a vNIOS instance in the VPC as the AWS API Proxy, and a Linux system as the API client.) You define the aliases against the IP address of the vNIOS instance for every region in which the Infoblox vNIOS for AWS instance is intended to operate.
Example:

us-west-blox-gw1.corp100.com

us-east-blox-gw1.corp100.com

You edit the API client computer’s /etc/hosts file to redirect the client’s API requests, which would normally go to the EC2 endpoint, to the IP address of the NIOS appliance that hosts the AWS API Proxy.

Example:

127.0.0.1 localhost localhost.localdomain
::1       localhost localhost.localdomain
...
10.1.1.191 us-west-blox-gw1.corp100.com
10.1.1.191 us-east-blox-gw1.corp100.com
...

Note how two aliases point to the same IP address, hence to the same instance hosting the AWS API Proxy. You can have more than one AWS API Proxy in the Grid.

When you want to use an API client to issue requests to the Infoblox AWS API Proxy, you can use the Boto Python interface to Amazon Web Services. Using the following configuration, all directives from this interface go to the AWS API Proxy. Add the following settings to your Boto configuration file, which should be located in your /home directory (assuming Linux as the terminal system):

[Boto]
debug = 1
num_retries = 0
https_validate_certificates = False
endpoints_path = /home/<admin_acct_name>/endpoints.json
# Python statement for the client script (after "import logging"), not a Boto setting:
# logging.basicConfig(filename="boto.log", level=logging.DEBUG)
[Credentials]
aws_access_key_id = <aws-access-key>
aws_secret_access_key = <aws-secret-key>

As shown above, the Boto interface refers to an endpoints.json file (the file can have any name, so long as the script calls the correct file) to refer to the DNS CNAME aliases that are already defined on the API client. This file needs to be located in the /home/<admin_acct_name>/ directory. It locally modifies the standard set of AWS regional EC2 endpoints, assigning as many of them as needed to the DNS hostname aliases defined on the API client.
Example:

{
  "ec2": {
    "ap-northeast-1": "ec2.ap-northeast-1.amazonaws.com",
    "ap-southeast-1": "ec2.ap-southeast-1.amazonaws.com",
    "ap-southeast-2": "ec2.ap-southeast-2.amazonaws.com",
    "cn-north-1": "ec2.cn-north-1.amazonaws.com.cn",
    "eu-west-1": "ec2.eu-west-1.amazonaws.com",
    "sa-east-1": "ec2.sa-east-1.amazonaws.com",
    "us-east-1": "us-east-blox-gw1.corp100.com",
    "us-gov-west-1": "ec2.us-gov-west-1.amazonaws.com",
    "us-west-1": "us-west-blox-gw1.corp100.com",
    "us-west-2": "ec2.us-west-2.amazonaws.com",
    "eu-central-1": "ec2.eu-central-1.amazonaws.com"
  }
}

These statements redirect the client’s API requests, which would otherwise go to the Amazon EC2 regional endpoints, toward the NIOS host acting as the AWS API Proxy.

In the JSON file, API requests refer to the standard Amazon service endpoint values in each record (for example, “us-east-1”). You also enter these standard values as part of assignments to the AWS API Proxy configuration (for information, see Assigning the AWS Service Endpoints to the AWS API Proxy). These definitions assign the AWS API Proxy, with each of its DNS host names, to the endpoints. (These host names are defined on the appliance, as described in Setting the DNS Name Server for the Amazon VPC.)

The following example illustrates how to connect to the AWS EC2 endpoint using the aforementioned Boto setup:

import boto.vpc

vpc_conn = boto.vpc.connect_to_region("us-west-1", port=8787)

Note

Port 8787 is the default AWS API port.
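
An added example, not part of the Infoblox documentation: a preflight check over the three client-side files described above that reports, per region, whether EC2 requests go to the proxy, go directly to AWS, or point at an alias with no /etc/hosts entry, and that flags https_validate_certificates = False, a setting that leaves the client unable to authenticate the host it sends signed requests to. The function names and sample inputs are constructed for illustration (the hosts sample deliberately omits the us-east alias).

```python
import configparser
import json

# Constructed sample inputs that mirror the values used on this page.
BOTO_CFG = """\
[Boto]
num_retries = 0
https_validate_certificates = False
endpoints_path = /home/<admin_acct_name>/endpoints.json
"""
ENDPOINTS_JSON = """{"ec2": {
  "us-east-1": "us-east-blox-gw1.corp100.com",
  "us-west-1": "us-west-blox-gw1.corp100.com",
  "us-west-2": "ec2.us-west-2.amazonaws.com"}}"""
HOSTS = """\
127.0.0.1 localhost localhost.localdomain
10.1.1.191 us-west-blox-gw1.corp100.com
"""

def parse_hosts(text):
    """Map every hostname in /etc/hosts-style text to its IP address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def audit(boto_cfg, endpoints_json, hosts_text):
    """Return (routes, findings) for the EC2 endpoint overrides."""
    cfg = configparser.ConfigParser()
    cfg.read_string(boto_cfg)
    hosts = parse_hosts(hosts_text)
    routes, findings = {}, []
    if not cfg.getboolean("Boto", "https_validate_certificates", fallback=True):
        findings.append("TLS certificate validation is disabled")
    for region, host in sorted(json.loads(endpoints_json)["ec2"].items()):
        if host.lower().endswith((".amazonaws.com", ".amazonaws.com.cn")):
            routes[region] = "direct"      # request bypasses the proxy
        elif host.lower() in hosts:
            routes[region] = hosts[host.lower()]
        else:
            routes[region] = "unresolved"
            findings.append(f"{region}: {host} has no /etc/hosts entry")
    return routes, findings

if __name__ == "__main__":
    for item in audit(BOTO_CFG, ENDPOINTS_JSON, HOSTS):
        print(item)
```

Regions reported as "direct" are the ones where a client still talks to the standard AWS endpoint instead of the AWS API Proxy.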


Continue your setup in the following section, Assigning the AWS Service Endpoints to the AWS API Proxy.

Assigning the AWS Service Endpoints to the AWS API Proxy

You use the values in the endpoints.json file to assign the EC2 service endpoint mappings to the vNIOS host, changing the values from the standard Amazon ones. You add these values to your vNIOS API Proxy configuration. For example, consider the JSON entry:

"us-west-1": "us-west-blox-gw1.corp100.com",

Instead of using the standard ec2.us-west-1.amazonaws.com value as the endpoint, you can use a DNS alias you configured for the NIOS appliance or Infoblox vNIOS for AWS instance (us-west-blox-gw1.corp100.com), as a substitute for the service endpoint of the particular Amazon region. You change these values for all EC2 service endpoints that you plan to use for Infoblox vNIOS for AWS. This enforces use of the AWS API Proxy in place of the service endpoints.
To perform the setup for the NIOS or vNIOS Cloud Platform Appliance that will operate as the AWS API Proxy, do the following:

  1. From the Grid tab, select the Grid Manager tab, and then click the Cloud-API service.
  2. Select the appliance that will run the API Proxy (the member must have the Cloud Network Appliance license) by selecting the Services tab -> cloud_member check box, and then click Edit.
  3. In the General tab -> Administrators allowed to make WAPI requests on the Grid Master section, select Set of administrators and then click Add -> Local. You will see the complete list of configured Cloud user accounts. You choose the accounts from which API requests are allowed. In a default configuration, only the cloud/local account appears.
  4. Click the API Proxy tab -> Amazon Web Services tab, and then click the Enable Service check box. Ensure that it is enabled.
  5. For the Port, enter the value for the TCP port (typically 8787).
  6. For the API Endpoint Mapping, click Add.
    • API Proxy FQDN: For the Infoblox API Proxy, this value consists of the DNS host name for the Infoblox vNIOS for AWS appliance. Along with the JSON configuration described above, these values enforce the placement of the Cloud Platform appliance as the AWS API Proxy, which receives all AWS API calls issued by API clients.
    • AWS Endpoint FQDN: Enter the Amazon regional endpoint to which the API Proxy will send its processed API requests. Example: ec2.us-west-1.amazonaws.com.
  7. Save the configuration.

Note

The Cloud API service must be restarted in NIOS for configuration changes to take effect. The selected vNIOS member shows Cloud API Service in its Service Status column.


All API Request parameter names are case-insensitive. Infoblox recommends retaining the cases shown for all elements in this document.