clusters-list now works w/ cross-account VPCs

[chelma]

Description

• clusters-list now works w/ cross account VPCs and displays the account each VPC associated with the cluster is in. We do this using a cross-account IAM role that gives the Cluster account access to Parameter Store in the VPC account(s).
• Updated the README to explain how to do cross-account capture.
• Updated the detailed design diagram to reflect cross-account capture
• Updated the cluster-deregister-vpc to remove permissions for an account to create GWLB Endpoints on the cluster's GWLB if there are no other VPCs needing it

Tasks

• https://github.com/arkime/aws-aio/issues/109

Testing

• Added unit tests
• Manually tested clusters-list and cluster-deregister-vpc against my AWS accounts List call showing 1 VPC in the Cluster account and 2 VPCs in another account

  (.venv) chelma@3c22fba4e266 aws-aio % ./manage_arkime.py clusters-list
  2023-08-24 10:53:30 - Debug-level logs save to file: /Users/chelma/workspace/Arkime/aws-aio/manage_arkime/manage_arkime.log
  2023-08-24 10:53:30 - Using AWS Credential Profile: default
  2023-08-24 10:53:30 - Using AWS Region: default from AWS Config settings
  2023-08-24 10:53:30 - Retrieving cluster details...
  2023-08-24 10:53:36 - Deployed Clusters:
  [
  {
      "cluster_name": "MyCluster3",
      "opensearch_domain": "arkimedomain872-1nzuztrqm7dl",
      "configuration_capture": {
          "aws_aio_version": "1",
          "config_version": "7",
          "md5_version": "64295265159ac577cf741bb4d1966fcc",
          "source_version": "v0.1.1-10-g3487548",
          "time_utc": "2023-07-27 18:26:23"
      },
      "configuration_viewer": {
          "aws_aio_version": "1",
          "config_version": "8",
          "md5_version": "d02bb7234476fdbed38e08f1ac94cd26",
          "source_version": "v0.1.1-11-g8514f7b",
          "time_utc": "2023-08-03 13:55:49"
      },
      "monitored_vpcs": [
          {
              "vpc_account": "XXXXXXXXXXXX",
              "vpc_id": "vpc-0f08710cdbc32d58a",
              "vni": "24"
          },
          {
              "vpc_account": "YYYYYYYYYYYY",
              "vpc_id": "vpc-08d5c92356da0ccb4",
              "vni": "26"
          },
          {
              "vpc_account": "YYYYYYYYYYYY",
              "vpc_id": "vpc-0eadcf1a9ad8b3e26",
              "vni": "27"
          }
      ]
  }
  ]

When we remove the 2 cross account VPCs, cluster-deregister-vpc doesn't remove the GWLB perms until it's called on the last VPC in that other account

(.venv) chelma@3c22fba4e266 aws-aio % ./manage_arkime.py cluster-deregister-vpc --cluster-name MyCluster3 --vpc-id vpc-0eadcf1a9ad8b3e26
2023-08-24 10:59:22 - Debug-level logs save to file: /Users/chelma/workspace/Arkime/aws-aio/manage_arkime/manage_arkime.log
2023-08-24 10:59:22 - Using AWS Credential Profile: default
2023-08-24 10:59:22 - Using AWS Region: default from AWS Config settings
2023-08-24 10:59:22 - Deregistering the VPC with the Cluster...
2023-08-24 10:59:23 - Removing the cross-account access role: arkime_MyCluster3_vpc-0eadcf1a9ad8b3e26
2023-08-24 10:59:24 - Removing permissions for Account YYYYYYYYYYYY to create GWLBE Endpoints on: vpce-svc-0bf7f421d6596c8cb
2023-08-24 10:59:24 - There are 1 other VPCs currently using this permission; skipping...
2023-08-24 10:59:24 - Removing association details from Param Store at: /arkime/clusters/MyCluster3/vpcs/vpc-0eadcf1a9ad8b3e26/cross-account

(.venv) chelma@3c22fba4e266 aws-aio % ./manage_arkime.py cluster-deregister-vpc --cluster-name MyCluster3 --vpc-id vpc-08d5c92356da0ccb4
2023-08-24 11:03:15 - Debug-level logs save to file: /Users/chelma/workspace/Arkime/aws-aio/manage_arkime/manage_arkime.log
2023-08-24 11:03:15 - Using AWS Credential Profile: default
2023-08-24 11:03:15 - Using AWS Region: default from AWS Config settings
2023-08-24 11:03:15 - Deregistering the VPC with the Cluster...
2023-08-24 11:03:16 - Removing the cross-account access role: arkime_MyCluster3_vpc-08d5c92356da0ccb4
2023-08-24 11:03:17 - Removing permissions for Account YYYYYYYYYYYY to create GWLBE Endpoints on: vpce-svc-0bf7f421d6596c8cb
2023-08-24 11:03:18 - Removing association details from Param Store at: /arkime/clusters/MyCluster3/vpcs/vpc-08d5c92356da0ccb4/cross-account

License

I confirm that this contribution is made under an Apache 2.0 license and that I have the authority necessary to make this contribution on behalf of its copyright owner.