Network automation and programmability have been discussed for a long time. Instead of manually accessing devices like routers, switches, and servers, Python provides a way to automate these tasks and saves the time otherwise spent in the GUIs of various cloud service portals just to connect to their instances.

Today, we experiment with one such task: connecting to an AWS Ubuntu EC2 instance with a Python automation script that uses the Netmiko module.

But why use Python automation?

Let’s imagine your organisation has 50 EC2 instances that provide specific services; let’s assume all of them are servers that serve traffic from various geo locations. If you wanted to update a configuration on these instances, it would take hours using the AWS portal. What we are doing is simply using the “Netmiko” module to automate these tasks.

Netmiko isn’t limited to virtual instances. It’s quite popular for remotely managing network devices such as routers, switches, servers, load balancers and many more, across all vendors.

About Netmiko module

Netmiko is a Python library built on Paramiko. It is used to send commands, retrieve outputs and automate network tasks, and it is gaining popularity due to its capabilities and support for all vendors. Apart from sending commands through SSH, it also supports SFTP (Secure File Transfer Protocol) to transport files between network devices.

When working in unreliable network environments, it helps to set timeouts for SSH connections, which allows retry logic after every timeout.

Step by Step guide for remote connection:

Before we begin, make sure to keep the SSH key you created during the launch of the EC2 instance handy and store it in an accessible folder. Don’t forget to copy your EC2 instance’s public IP before writing the script.

SSH for EC2 uses RSA asymmetric encryption, hence the “<keyname>.pem” file, which is the private key and is automatically downloaded to your local system.

Step:1 Giving required permissions to the .pem file

Because the private key is sensitive, the SSH client requires restricted access to the “.pem” file. To give the necessary permissions, run “git bash” or “WSL” (Windows Subsystem for Linux) as administrator and run the command:

chmod 400 /path/to/your/private_key.pem

In WSL, paths are mounted under “mnt”, so the equivalent path would be:

chmod 400 /mnt/path/to/your/private_key.pem

Here “chmod 400” gives the following file permissions to the owner:

4: Read Permission; 0: no write; 0: no execute

The above permissions scheme is a must before you try to establish any remote connection with an SSH client. If a file is “too open”, the SSH client returns an error saying so and refuses to establish the connection.

Step:2 Installing the netmiko module

Just like any module, we can install it using:

pip install netmiko

If you are a beginner, it is preferable to do this in a Python “venv”, or virtual environment.

Step:3 Import and define a dictionary

from netmiko import ConnectHandler
import keyboard  # third-party module, used in Step 4 to detect the "q" key press

aws_instance = {
    "device_type": "EC2 corresponding device type",  # e.g. "linux" for an Ubuntu instance
    "host": "EC2 device public IP or DNS",
    "username": "corresponding EC2 username",
    "use_keys": True,  # True for using ssh keys
    "key_file": r"path\to\key_file\.pem",
    "port": 22,  # ssh operates on port 22
    "timeout": 100,  # value in seconds for request timeout
}

Step:4 Writing code for establishing a connection

try:
    # Open the SSH session using the settings from the dictionary
    aws_connect = ConnectHandler(**aws_instance)
    print(f"Successfully connected to: {aws_instance['username']} on: {aws_instance['host']}")
    output = aws_connect.send_command("uname -a")
    print(output)

    print("press q to disconnect from instance")
    while True:
        if keyboard.is_pressed('q'):
            aws_connect.disconnect()
            break  # leave the loop once the session is closed

except Exception as e:
    print(f"An Error Occurred: {e}")

Let me explain what each line means:

  • try: part of Python's error handling mechanism; this block is executed first
  • aws_connect: the object that is created and can be used to perform all the operations in the rest of the code
  • ConnectHandler(): Netmiko function that helps establish the SSH connection
  • **aws_instance: dictionary argument for the above function; ** unpacks the dictionary's key-value pairs and passes them to the function individually, instead of manually typing every argument
  • aws_connect.send_command: uses the object “aws_connect”; the send_command() function passes Linux or any other commands to the connected device
  • uname -a: a Linux command used to return the details of the instance
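As an added example (not code from the original article), a pre-flight check for the Step 1 key permissions can run on the Step 3 dictionary before ConnectHandler is called. It tightens a key that is too open and then re-reads the mode, because some mounts (Windows drives under /mnt in WSL, depending on mount options) do not store Unix permission bits, so chmod can appear to succeed without effect. It assumes Python runs under Linux or WSL; the function names and the sample file are hypothetical.

```python
import os
import stat
import tempfile

def key_mode(path):
    """Return the permission bits of the key file, e.g. 0o400."""
    return stat.S_IMODE(os.stat(path).st_mode)

def too_open(path):
    """True if group or others hold any permission bit on the key file."""
    return (key_mode(path) & 0o077) != 0

def lock_down(path):
    """Apply chmod 400, then confirm the filesystem actually stored it."""
    os.chmod(path, 0o400)
    mode = key_mode(path)
    if mode & 0o077:
        raise PermissionError(
            f"{path} is still {mode:03o} after chmod 400; "
            "move the key to a filesystem that stores Unix permissions")
    return mode

def preflight(instance):
    """Check the "key_file" entry of a Netmiko-style dict before connecting.
    Returns the mode the key file ends up with."""
    path = instance["key_file"]
    if not os.path.isfile(path):
        raise FileNotFoundError(f"key file not found: {path}")
    if too_open(path):
        return lock_down(path)
    return key_mode(path)

def demo():
    # Constructed sample: a throwaway file standing in for the .pem key.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "sample_key.pem")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)  # readable by everyone, as after a download
        before = too_open(key)
        after = preflight({"key_file": key})
        return before, after

if __name__ == "__main__":
    print(demo())
```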

This is how we connect to an EC2 instance using SSH and the Netmiko module of Python.
