Generate AWS client vpn config file

Usage

Run python3 generate_vpn_profile.py $your_domain_name $name_for_parameter_store_entry

The script will find a certificate based on the domain name you supplied as a command line argument. It will extract the cert and private key and insert them into an exported client VPN profile.

It will then upload the configuration file contents and the private key passphrase to AWS SSM Parameter Store as SecureString parameters.

import boto3
import sys
from random_word import RandomWords
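# Fail early, before any AWS or network call, when the two positional
# arguments are missing; otherwise the script dies later with a bare IndexError.
if len(sys.argv) < 3:
    raise SystemExit(
        "usage: python3 generate_vpn_profile.py <domain_name> <parameter_store_name>"
    )
# Region the certificate, the Client VPN endpoint and the parameters live in;
# all three clients must agree on it.
REGION = "eu-west-2"
# Generate a private key passphrase using the random_word library.
# NOTE(review): random_word's word source and RNG are not visible here; confirm
# it is suitable for key-protecting material before relying on it, or replace
# it with secrets.choice() over a local word list.
r = RandomWords()
words = [r.get_random_word() for _ in range(4)]
# Some versions of random_word return None when no word could be fetched; a
# passphrase like "None None None None" must never be used for the key.
if not all(isinstance(word, str) and word for word in words):
    raise SystemExit("random_word did not return four words; refusing to build a passphrase")
passphrase = " ".join(words)
# Initialise boto3 clients for the required AWS services
acm = boto3.client("acm", region_name=REGION)
ec2 = boto3.client("ec2", region_name=REGION)
ssm = boto3.client("ssm", region_name=REGION)
# Populate domain_name and the parameter name from the command line arguments
domain_name = sys.argv[1]
vpn_config_paramater_name = sys.argv[2]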
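def export_client_vpn_certificate_and_key(certificate_list, passphrase, domain=None):
    """Export the ACM certificate matching *domain* together with its private key.

    Args:
        certificate_list: Response of ``acm.list_certificates()``; only the
            ``CertificateSummaryList`` entries are read.
        passphrase: Passphrase ACM uses to encrypt the exported private key.
        domain: Value matched as a substring of each summary's ``DomainName``
            (the original matching rule). Defaults to the module-level
            ``domain_name`` taken from the command line.

    Returns:
        ``{"Certificate": <PEM>, "PrivateKey": <encrypted PEM>}`` with
        surrounding whitespace stripped.

    Raises:
        LookupError: no certificate matches, or more than one does. Exporting
            the wrong private key into a VPN profile is worse than failing, so
            an ambiguous match is rejected instead of silently taking the last
            one as the original loop did.
    """
    if domain is None:
        domain = domain_name
    # Substring match is kept for compatibility; note that "example.com" also
    # matches "notexample.com", which is why ambiguity is an error below.
    matches = [
        cert
        for cert in certificate_list.get("CertificateSummaryList", [])
        if domain in cert["DomainName"]
    ]
    if not matches:
        raise LookupError(f"no ACM certificate matches domain {domain!r}")
    if len(matches) > 1:
        found = ", ".join(cert["DomainName"] for cert in matches)
        raise LookupError(
            f"domain {domain!r} matches several ACM certificates: {found}"
        )
    client_vpn_certificate = matches[0]
    exported = acm.export_certificate(
        CertificateArn=client_vpn_certificate["CertificateArn"],
        Passphrase=passphrase,
    )
    return {
        "Certificate": exported["Certificate"].strip(),
        "PrivateKey": exported["PrivateKey"].strip(),
    }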
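def export_base_vpn_config(vpn_endpoints):
    """Export the client configuration of the first Client VPN endpoint.

    Args:
        vpn_endpoints: Response of ``ec2.describe_client_vpn_endpoints()``.

    Returns:
        The exported ``.ovpn`` profile text with surrounding whitespace stripped.

    Raises:
        LookupError: the response lists no Client VPN endpoint (the original
            failed here with an opaque IndexError).
    """
    endpoints = vpn_endpoints.get("ClientVpnEndpoints", [])
    if not endpoints:
        raise LookupError("no Client VPN endpoint found in this account/region")
    # NOTE(review): with several endpoints the first one returned is used, as in
    # the original; the API does not promise a stable order — confirm this is
    # the intended endpoint when more than one exists.
    cvpn_endpoint = endpoints[0]["ClientVpnEndpointId"]
    vpn_client_config = ec2.export_client_vpn_client_configuration(
        ClientVpnEndpointId=cvpn_endpoint
    )
    return vpn_client_config["ClientConfiguration"].strip()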
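def build_out_config_file(base_config, certificate, private_key):
    """Insert inline ``<cert>`` and ``<key>`` blocks into an exported VPN profile.

    The blocks are placed directly after the line containing ``</ca>`` so the
    profile carries the client certificate and its passphrase-protected key.

    Args:
        base_config: Profile text from ``export_client_vpn_client_configuration``.
        certificate: PEM certificate body.
        private_key: PEM private key body.

    Returns:
        The completed profile; every line is newline-terminated and the
        inserted blocks keep the exact spacing of the original builder.

    Raises:
        ValueError: *base_config* has no ``</ca>`` line, so there is nowhere to
            insert the blocks. The original silently returned a profile without
            cert and key, which only fails later at connect time.
    """
    chunks = []
    inserted = False
    for line in base_config.splitlines():
        chunks.append(line + "\n")
        if "</ca>" in line:
            chunks.append(f"\n<cert>\n{certificate}\n\n</cert>\n")
            chunks.append(f"\n<key>\n{private_key}\n\n</key>\n")
            inserted = True
    if not inserted:
        raise ValueError("base config has no </ca> line; cannot insert client cert/key")
    # join() instead of repeated += keeps this linear on any interpreter
    return "".join(chunks)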
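def add_to_paramter_store(name, content, description="Generated by generate_vpn_profile.py"):
    """Store *content* as an encrypted SSM parameter named *name*.

    Args:
        name: Parameter name; an existing parameter of that name is overwritten.
        content: Value to store, encrypted at rest as a SecureString.
        description: Parameter description shown in the console. The original
            wrote the literal placeholder ``'string'``.

    Returns:
        None. The SSM response is discarded; boto3 raises on failure.
    """
    # Advanced tier was presumably chosen because a profile holding CA, cert and
    # key exceeds the Standard tier size limit — confirm; Advanced parameters
    # are billed, so the passphrase could likely use Standard.
    ssm.put_parameter(
        Name=name,
        Description=description,
        Value=content,
        Overwrite=True,
        Tier="Advanced",
        Type="SecureString",
    )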
# Export data from AWS and build config file
client_vpn_certificate = export_client_vpn_certificate_and_key(
    acm.list_certificates(), passphrase
)
base_vpn_config = export_base_vpn_config(ec2.describe_client_vpn_endpoints())
completed_config = build_out_config_file(
    base_vpn_config,
    client_vpn_certificate["Certificate"],
    client_vpn_certificate["PrivateKey"],
)
# Copy config file and passphrase to parameter store: the profile first, then
# the passphrase under "<name>-passphrase", both as SecureStrings
for parameter_name, parameter_value in (
    (vpn_config_paramater_name, completed_config),
    (f"{vpn_config_paramater_name}-passphrase", passphrase),
):
    add_to_paramter_store(parameter_name, parameter_value)