Using VMware Cloud on AWS SDDC-Group APIs (Part 3)

Gilles Chekroun


Lead VMware Cloud on AWS Solutions Architect
---
Following Part 1 and Part 2, I am adding more description and usage of the SDDC Grouping APIs.
In this article, I will focus on:
  • Adding / removing AWS account
  • Accepting / removing Customer VPC attachments

Adding Customer AWS account

The API to use for that is:
import requests  # BaseURL is defined elsewhere in vtc.py

def connect_aws_account(account, region, resource_id, org_id, session_token):
    # The CSP session token authenticates the call
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/aws/operations".format(BaseURL, org_id)
    body = {
        "type": "ADD_EXTERNAL_ACCOUNT",
        "resource_id": resource_id,
        "resource_type": "network-connectivity-config",
        "config": {
            "type": "AwsAddExternalAccountConfig",
            "account": {
                "account_number": account,
                "regions": [region],
                "auto_approval": "true"
            }
        }
    }
    response = requests.post(myURL, json=body, headers=myHeader)
    json_response = response.json()
    # The operation is asynchronous: the returned id identifies the task
    task_id = json_response['id']
    return task_id

Note the "type" of "ADD_EXTERNAL_ACCOUNT" and the "config" "type" of "AwsAddExternalAccountConfig".
vtc.py uses the connect-aws option:

% python vtc.py connect-aws  

=====Connecting AWS account=========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

PENDING

.....

FINISHED in 00min 13sec

% 


The AWS account is now added and the VMware Managed TGW is shared with that account under AWS console Resource Access Manager.

Adding VPC attachments

Now that the VMware TGW is visible in the customer AWS console, the customer can attach VPCs and we need to accept the attachments.
From an API point of view, we need to get a list of VPC attachments in the PENDING_ACCEPTANCE state.
This can be done with the API using:
Click on EXECUTE and scroll down to the API response to see the VPCs pending acceptance:
def get_pending_att(resource_id, org_id, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/core/network-connectivity-configs/{}?trait=AwsVpcAttachmentsTrait".format(BaseURL, org_id, resource_id)
    response = requests.get(myURL, headers=myHeader)
    json_response = response.json()
    vpcs = []
    n = 1
    # Walk every connected AWS account and list its attachments awaiting acceptance
    for account in json_response['traits']['AwsVpcAttachmentsTrait']['accounts']:
        print("Account: " + account['account_number'])
        for attachment in account['attachments']:
            if attachment['state'] == "PENDING_ACCEPTANCE":
                print(str(n) + ": " + "VPC attachment = " + str(attachment['attach_id']))
                vpcs.append(attachment['attach_id'])
                n = n + 1
    return vpcs

vtc.py uses the attach-vpc option, which calls:

def attach_vpc(att_id, resource_id, org_id, account, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/aws/operations".format(BaseURL, org_id)
    body = {
        "type": "APPLY_ATTACHMENT_ACTION",
        "resource_id": resource_id,
        "resource_type": "network-connectivity-config",
        "config": {
            "type": "AwsApplyAttachmentActionConfig",
            "account": {
                "account_number": account,
                "attachments": [
                    {
                        # ACCEPT approves the pending attachment
                        "action": "ACCEPT",
                        "attach_id": att_id
                    }
                ]
            }
        }
    }
    response = requests.post(myURL, json=body, headers=myHeader)
    json_response = response.json()
    task_id = json_response['id']
    return task_id

Note the "type" of "APPLY_ATTACHMENT_ACTION" and "config" "type" of "AwsApplyAttachmentActionConfig"
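
An added example, not part of vtc.py or the original post: before sending ACCEPT, the pending list can be checked against the attachments the network team expects, so a request that is not on the change ticket is held for review instead of being joined to the transit gateway. The sample response, account numbers, attachment IDs and the EXPECTED allowlist are constructed for illustration; the field names are the ones parsed by get_pending_att above.

```python
# Constructed sample shaped like the AwsVpcAttachmentsTrait response parsed above;
# the account numbers and attachment IDs are made up for this example.
SAMPLE = {"traits": {"AwsVpcAttachmentsTrait": {"accounts": [
    {"account_number": "111111111111", "attachments": [
        {"attach_id": "tgw-attach-0aaa", "state": "PENDING_ACCEPTANCE"},
        {"attach_id": "tgw-attach-0bbb", "state": "PENDING_ACCEPTANCE"},
        {"attach_id": "tgw-attach-0ccc", "state": "AVAILABLE"}]},
    {"account_number": "222222222222", "attachments": [
        {"attach_id": "tgw-attach-0ddd", "state": "PENDING_ACCEPTANCE"}]},
]}}}

# Hypothetical change-ticket data: attachments the network team expects, per account.
EXPECTED = {"111111111111": {"tgw-attach-0aaa"}}


def attachments_by_state(response, state):
    """Return (account_number, attach_id) pairs whose state matches."""
    trait = response.get("traits", {}).get("AwsVpcAttachmentsTrait", {})
    return [(acct["account_number"], att["attach_id"])
            for acct in trait.get("accounts", [])
            for att in acct.get("attachments", [])
            if att.get("state") == state]


def triage_pending(response, expected):
    """Split pending attachments into ones to accept and ones to hold for review."""
    accept, hold = [], []
    for account, attach_id in attachments_by_state(response, "PENDING_ACCEPTANCE"):
        if attach_id in expected.get(account, set()):
            accept.append((account, attach_id))
        else:
            hold.append((account, attach_id))
    return accept, hold


def action_body(resource_id, account, attach_id, action):
    """Build the APPLY_ATTACHMENT_ACTION body in the shape attach_vpc() posts."""
    if action not in ("ACCEPT", "DELETE"):  # the two actions shown on this page
        raise ValueError("unsupported action: " + action)
    return {"type": "APPLY_ATTACHMENT_ACTION", "resource_id": resource_id,
            "resource_type": "network-connectivity-config",
            "config": {"type": "AwsApplyAttachmentActionConfig",
                       "account": {"account_number": account,
                                   "attachments": [{"action": action, "attach_id": attach_id}]}}}


if __name__ == "__main__":
    accept, hold = triage_pending(SAMPLE, EXPECTED)
    print("accept:", accept)
    print("hold for review:", hold)
```

The same attachments_by_state helper with "AVAILABLE" gives the list used for detaching.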

Attaching first VPC

% python vtc.py attach-vpc

=====Attaching VPCs=========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

Account: 0631xxxxxxxx

1: VPC attachment = tgw-attach-0d022c7423ff93bc6

2: VPC attachment = tgw-attach-0526080320c4508fd

   Select VPC to attach: 1

PENDING

............................................

FINISHED in 01min 54sec

% 

Attaching Second VPC

% python vtc.py attach-vpc

=====Attaching VPCs=========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

Account: 0631xxxxxxxx

1: VPC attachment = tgw-attach-0526080320c4508fd

   Select VPC to attach: 1

PENDING

...................................................

FINISHED in 02min 11sec

% 

No more VPC to Attach

% python vtc.py attach-vpc

=====Attaching VPCs=========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

Account: 0631xxxxxxxx

   No VPC to attach

% 



Removing VPC Attachments

As with adding VPC attachments, we first need a list of the attached VPCs.
The API is the same; we just check for an attachment "state" of "AVAILABLE":
def get_available_att(resource_id, org_id, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/core/network-connectivity-configs/{}?trait=AwsVpcAttachmentsTrait".format(BaseURL, org_id, resource_id)
    response = requests.get(myURL, headers=myHeader)
    json_response = response.json()
    vpcs = []
    n = 1
    # Walk every connected AWS account and list its currently attached VPCs
    for account in json_response['traits']['AwsVpcAttachmentsTrait']['accounts']:
        print("Account: " + account['account_number'])
        for attachment in account['attachments']:
            if attachment['state'] == "AVAILABLE":
                print(str(n) + ": " + "VPC attachment = " + str(attachment['attach_id']))
                vpcs.append(attachment['attach_id'])
                n = n + 1
    return vpcs

vtc.py uses the detach-vpc option, which calls:

def detach_vpc(att_id, resource_id, org_id, account, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/aws/operations".format(BaseURL, org_id)
    body = {
        "type": "APPLY_ATTACHMENT_ACTION",
        "resource_id": resource_id,
        "resource_type": "network-connectivity-config",
        "config": {
            "type": "AwsApplyAttachmentActionConfig",
            "account": {
                "account_number": account,
                "attachments": [
                    {
                        # DELETE removes the existing attachment
                        "action": "DELETE",
                        "attach_id": att_id
                    }
                ]
            }
        }
    }
    response = requests.post(myURL, json=body, headers=myHeader)
    json_response = response.json()
    task_id = json_response['id']
    return task_id

Detach first VPC

% python vtc.py detach-vpc

=====Detaching VPCs=========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

Account: 0631xxxxxxxx

1: VPC attachment = tgw-attach-0d022c7423ff93bc6

2: VPC attachment = tgw-attach-0526080320c4508fd

  Select VPC to detach: 2

PENDING

........................................

FINISHED in 01min 42sec

% 

Detach second VPC

% python vtc.py detach-vpc

=====Detaching VPCs=========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

Account: 0631xxxxxxxx

1: VPC attachment = tgw-attach-0d022c7423ff93bc6

  Select VPC to detach: 1

PENDING

..............................................

FINISHED in 02min 00sec

% 

No more VPCs to detach

% python vtc.py detach-vpc

=====Detaching VPCs=========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

Account: 0631xxxxxxxx

   No VPC to detach

% 

Removing Customer AWS account

The API is similar to the one used for adding the AWS account, but uses the "type" of "REMOVE_EXTERNAL_ACCOUNT" and the "config" "type" of "AwsRemoveExternalAccountConfig".

def disconnect_aws_account(account, region, resource_id, org_id, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/aws/operations".format(BaseURL, org_id)
    # region is accepted for symmetry with connect_aws_account but is not sent
    body = {
        "type": "REMOVE_EXTERNAL_ACCOUNT",
        "resource_id": resource_id,
        "resource_type": "network-connectivity-config",
        "config": {
            "type": "AwsRemoveExternalAccountConfig",
            "account": {
                "account_number": account
            }
        }
    }
    response = requests.post(myURL, json=body, headers=myHeader)
    json_response = response.json()
    task_id = json_response['id']
    return task_id

The vtc.py will use the option disconnect-aws

% python vtc.py disconnect-aws

===== Disconnecting AWS account =========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

PENDING

........

FINISHED in 00min 20sec

% 


We can now remove the SDDC and delete the Group.

% python vtc.py detach-sddc      

===== Removing SDDC =========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

1: M15_Hack_Pod1

2: M15-SDDC

3: M15_Hack_Pod3

4: M15_Hack_Pod2

   Select one SDDC to detach: 2

PENDING

....................................................................................................................

FINISHED in 05min 02sec

%

%

%

% python vtc.py delete-sddc-group

=====Deleting SDDC Group=========

1: SDDC-Group_API: 302381e5-cac1-4f9c-a847-fb2873ea41fb

2: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 1

0

PENDING

..

FINISHED in 00min 05sec

% 

Next Step

I will add more functionality to the vtc.py program that you can download here.
Stay tuned.

Thanks for reading.
