EC2

Listing instances

root@ftphost02:~/.aws# aws ec2 describe-instances --output table --query 'Reservations[].Instances[].Tags[?Key==`Name`].Value'
-------------------
|DescribeInstances|
+-----------------+
|  Node1          |
|  FTP            |
+-----------------+


root@ftphost02:~/.aws# aws ec2 describe-instances --output table --query 'Reservations[].Instances[].[join(`,`,Tags[?Key==`Name`].Value),State.Name]'
----------------------------
|     DescribeInstances    |
+--------------+-----------+
|  Node1       |  running  |
|  FTP         |  running  |
+--------------+-----------+


OR (Using pipe syntax)

root@ftphost02:~/.aws# aws ec2 describe-instances --output table --query 'Reservations[].Instances[].[Tags[?Key==`Name`] | [0].Value, State.Name]'
----------------------------
|     DescribeInstances    |
+--------------+-----------+
|  Node1       |  running  |
|  FTP         |  running  |
+--------------+-----------+


root@ftphost02:~/.aws# aws ec2 describe-instances --instance-ids i-65b45c6b --output table --query 'Reservations[].Instances[].[join(`,`,Tags[?Key==`Name`].Value),State.Name]'
----------------------------
|     DescribeInstances    |
+--------------+-----------+
|  Node1       |  running  |
+--------------+-----------+


root@ftphost02:~/.aws# aws ec2 describe-instances --output table --query 'Reservations[].Instances[].[Tags[?Key==`Name`] | [0].Value, InstanceId]'
-------------------------------
|      DescribeInstances      |
+--------------+--------------+
|  Node1       |  i-65b45c6b  |
|  FTP         |  i-59891e53  |
+--------------+--------------+

Controlling instances

root@ftphost02:~/.aws# aws ec2 start-instances --instance-ids i-65b45c6b
{
    "StartingInstances": [
        {
            "InstanceId": "i-65b45c6b",
            "CurrentState": {
                "Code": 0,
                "Name": "pending"
            },
            "PreviousState": {
                "Code": 80,
                "Name": "stopped"
            }
        }
    ]
}



root@ftphost02:~/.aws# aws ec2 stop-instances --instance-ids i-65b45c6b
{
    "StoppingInstances": [
        {
            "InstanceId": "i-65b45c6b",
            "CurrentState": {
                "Code": 64,
                "Name": "stopping"
            },
            "PreviousState": {
                "Code": 16,
                "Name": "running"
            }
        }
    ]
}

State codes

0 pending
16 running
32 shutting-down
48 terminated
64 stopping
80 stopped

Filters

Combining two filters can be either AND or OR.

AND

Filters are in separate quotes, note space between two quoted blocks:-
--filters "Name=image-id, Values=ami-07cf57ebf50e78466" "Name=tag-key, Values=aws:autoscaling:groupName"

$ aws ec2 describe-instances --filters "Name=image-id, Values=ami-07cf57ebf50e78466" "Name=tag-key, Values=aws:autoscaling:groupName" --query 'Reservations[*].Instances[*].[InstanceId]'  --profile nonprod_admin
[
    [
        [
            "i-05c83bdad5311253c"
        ]
    ], 
    [
        [
            "i-0dbcfbdea9b501851"
        ]
    ]
]

OR

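Filters are part of the same quotes (check the result set before relying on it: the EC2 API itself ANDs separate filters and ORs only the values inside one filter, so what this form returns depends on how the CLI parses the single string):-
--filters "Name=image-id, Values=ami-07cf57ebf50e78466,Name=tag-key, Values=aws:autoscaling:groupName"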

$ aws ec2 describe-instances --filters "Name=image-id, Values=ami-07cf57ebf50e78466,Name=tag-key, Values=aws:autoscaling:groupName" --query 'Reservations[*].Instances[*].[InstanceId]'  --profile nonprod_admin
[
    [
        [
            "i-0983d97f816fdd9ea"
        ]
    ], 
...edited....
    [
        [
            "i-04d8e1a1de04d6bc6"
        ]
    ], 
    [
        [
            "i-0dbcfbdea9b501851"
        ]
    ]
]

Using JMESpath

$ aws ec2 describe-instances --filters "Name=image-id, Values=ami-07cf57ebf50e78466" "Name=tag-key, Values=aws:autoscaling:groupName" --query 'Reservations[*].Instances[*].{ImageId:ImageId,Tags:Tags}'  --profile nonprod_admin
$ aws ec2 describe-instances  --query 'Reservations[].Instances[].[Tags[?contains(`["Name"]`, Key)].Value, State.Name, Platform][][]' --profile nonprod_admin --out=text
$ aws ec2 describe-instances --filters "Name=image-id, Values=ami-0927c25b5177ff0de" --query 'Reservations[*].Instances[*].[Tags[?(Key==`Name`)].Value, State.Name, Platform]'   --profile nonprod_admin --out=table

$ aws ec2 describe-instances  --profile nonprod_admin | jq --raw-output '.[][].Instances[] | {"InstanceId": .InstanceId, "State": .State.Name, "Name": .Tags[]|select(.Key=="Name").Value, "servicename": .Tags[]|select(.Key=="servicename").Value } | join(", ")'

GetListOfAccounts.py

#!/usr/bin/env python
 
import boto3
import sys
 
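# Named AWS CLI profile whose credentials every client below uses.
# NOTE(review): the profile name suggests administrator rights; this script
# only issues a read-only describe call, so a read-only profile would be
# enough - confirm what the profile actually grants.
profile = 'nonprod_admin'
# Placeholder handed to GetListOfAccounts as its second argument (never read there).
context = 'dummy'

# One session is enough: both clients use the same profile and credentials.
session = boto3.session.Session(profile_name=profile)
ec2 = session.client('ec2')

# Kept as an alias so code that refers to ASsession still works.
ASsession = session
ec2as = session.client('autoscaling')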
 
# ec2 = boto3.client('ec2')
# ec2as = boto3.client('autoscaling')
 
 
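def GetListOfAccounts(AMIimageID, context):
    """Return the launch permissions of one AMI.

    Calls ec2.describe_image_attribute with Attribute='launchPermission' and
    hands back the 'LaunchPermissions' list of the response. In the EC2 API
    each entry names either an account (UserId) or a group; a group entry of
    'all' means the image is public, which is the case worth alerting on.

    Args:
        AMIimageID: dict holding the image id under the key 'ImageID'.
        context: unused.

    Returns:
        The value of response['LaunchPermissions'].

    Raises:
        Exception: whatever the lookup raised, after the error line is printed.
    """
    try:
        response = ec2.describe_image_attribute(ImageId=AMIimageID['ImageID'], Attribute='launchPermission')
    except Exception:
        print ('Exception! Error with AWS response.')
        # Re-raise instead of falling through: `response` is unbound here, and
        # returning an empty list would read as "shared with nobody" when the
        # truth is that the permissions could not be read.
        raise

    return response['LaunchPermissions']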
 
 
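# Entry point. The AMI id is taken from the first command-line argument and
# wrapped in the {'ImageID': ...} dict that GetListOfAccounts expects.
# (Previously an undefined name was passed, so the call could never succeed.)
if len(sys.argv) < 2:
    print ('Exception! Not enough arguments supplied.', sys.argv)
else:
    try:
        Accounts = GetListOfAccounts({'ImageID': sys.argv[1]}, context)
        # Show who may launch the image so the sharing can be reviewed.
        print (Accounts)
    except Exception:
        print ('Exception! Error looking up launch permissions.', sys.exc_info())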

listOfAMI0lderThanX.py

#!/usr/bin/env python
 
import boto3
import datetime
from datetime import date
from datetime import datetime
 
# Named AWS CLI profile whose credentials the client below uses.
# NOTE(review): the profile name suggests administrator rights; the script only
# calls describe_images, so a read-only profile would be enough - confirm.
profile = 'nonprod_admin'
# Placeholder handed to getListOfAMI as its second argument.
context = 'dummy'
 
# Session bound to that profile; `ec2` is the client getListOfAMI queries.
session = boto3.session.Session(profile_name=profile)
ec2 = session.client('ec2')
# ec2 = boto3.client('ec2',region)
 
 
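def getListOfAMI(agearguments, context):
    """List the ids of this account's AMIs that have reached a minimum age.

    Args:
        agearguments: dict with two keys:
            "Regex" - name pattern used as the value of the 'name' filter of
                describe_images. Despite the key name, that filter takes
                `*` / `?` wildcards, not regular expressions.
            "AGEthreshold" - minimum age in whole days (int or numeric string).
        context: unused.

    Returns:
        list of ImageId strings for the images owned by this account
        (Owners=['self']) whose age in days is >= the threshold.

    Note:
        Age says nothing about use. If this list feeds a cleanup, confirm each
        image is no longer referenced before acting on it.
    """
    # Local import: the file-level imports bring in date and datetime only.
    from datetime import timezone

    name_pattern = agearguments["Regex"]
    min_age_days = int(agearguments["AGEthreshold"])

    # CreationDate is a UTC timestamp (trailing 'Z'), so compare it with the
    # UTC date; the local date can be a day off around midnight. Computed once,
    # outside the loop, so every image is measured against the same day.
    today_utc = datetime.now(timezone.utc).date()

    # All AMIs owned by this account whose name matches the pattern.
    images = ec2.describe_images(
        Filters=[{'Name': 'name', 'Values': [name_pattern]}],
        Owners=['self'],
    )['Images']

    old_image_ids = []
    for image in images:
        # Only the calendar day matters, so drop the time of day.
        created_on = datetime.strptime(image['CreationDate'], '%Y-%m-%dT%H:%M:%S.%fZ').date()
        if (today_utc - created_on).days >= min_age_days:
            old_image_ids.append(image['ImageId'])

    return old_image_ids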
 
 
# Sample run: ids of this account's AMIs whose name matches *JS-AMZN2* and
# whose age is 7 days or more, printed as a Python list.
AMILIST = getListOfAMI({"Regex": "*JS-AMZN2*", "AGEthreshold": "7"}, context)
print (AMILIST)

CheckAMIinUse.py

#!/usr/bin/env python
 
import boto3
import sys
 
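# Named AWS CLI profile whose credentials every client below uses.
# NOTE(review): the profile name suggests administrator rights; the script only
# issues read-only describe calls (instances, Auto Scaling groups, launch
# configurations), so a read-only profile would be enough - confirm.
profile = 'nonprod_admin'

# One session is enough: both clients use the same profile and credentials.
session = boto3.session.Session(profile_name=profile)
ec2 = session.client('ec2')

# Kept as an alias so code that refers to ASsession still works.
ASsession = session
ec2as = session.client('autoscaling')


# Alternative without a named profile (boto3's default credential lookup):
# ec2 = boto3.client('ec2')
# ec2as = boto3.client('autoscaling')


# Placeholder second argument for checkAMIinUse, which never reads it.
context = ''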
 
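def checkAMIinUse(AMIimageID, context):
    """Report whether an AMI is still referenced by an instance or a launch configuration.

    Two lookups are made: instances whose image-id filter matches the AMI, and
    the launch configuration of every Auto Scaling group. Both listings are
    read page by page so that results beyond the first page are not missed.

    CLI equivalents of the lookups:
        aws ec2 describe-instances --filters "Name=image-id, Values=ami-0e12cbde3e77cbb98" --query 'Reservations[*].Instances[*].[InstanceId]'  --profile nonprod_admin
        aws autoscaling describe-auto-scaling-groups --profile nonprod_admin --auto-scaling-group-names "AJS asg1"

    Args:
        AMIimageID: dict holding the image id under the key 'ImageID'.
        context: unused.

    Returns:
        True when at least one instance or launch configuration uses the AMI,
        False when none does. If the instance lookup fails, the string
        'Exception! Error with AWS response' is returned instead; it is truthy,
        so a caller testing the result treats a failed lookup as "in use".

    Raises:
        KeyError: for an Auto Scaling group entry without a
            'LaunchConfigurationName' key.
    """
    try:
        image_id = AMIimageID['ImageID']
        instance_pages = ec2.get_paginator('describe_instances').paginate(
            Filters=[{'Name': 'image-id', 'Values': [image_id]}])
        # Any reservation with at least one instance means the AMI is in use.
        EC2AMIinUse = any(
            reservation["Instances"]
            for page in instance_pages
            for reservation in page["Reservations"]
        )
    except Exception:
        return ('Exception! Error with AWS response')

    if EC2AMIinUse:
        # Already known to be in use; the Auto Scaling lookups add nothing.
        return True

    # Check every Auto Scaling group: fetch its launch configuration and look
    # for the AMI in it.
    asg_pages = ec2as.get_paginator('describe_auto_scaling_groups').paginate()
    for page in asg_pages:
        for group in page['AutoScalingGroups']:
            # NOTE(review): groups built from a launch template presumably lack
            # this key - confirm. Failing loudly is deliberate: skipping such a
            # group would report "not in use" without having looked.
            LCGroup = group['LaunchConfigurationName']
            for launch_conf in GetAllLaunchConf(LCGroup)['LaunchConfigurations']:
                # Compare with the id string, not the wrapping dict: a str is
                # never equal to a dict, which hid every launch-configuration
                # reference and made an in-use AMI look unused.
                if launch_conf['ImageId'] == image_id:
                    return True

    return False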
 
 
def GetAllLaunchConf(LCName):
    """Fetch the description of one launch configuration by name.

    CLI equivalent:
        aws autoscaling describe-launch-configurations --launch-configuration-names "AJS launchconf1" --profile nonprod_admin

    Args:
        LCName: name of the launch configuration to look up.

    Returns:
        The response dictionary of describe_launch_configurations, unchanged.
    """
    requested_names = [LCName]
    return ec2as.describe_launch_configurations(LaunchConfigurationNames=requested_names)
 
 
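# Sample run. checkAMIinUse returns a single value, so it is bound to one name;
# unpacking it into three raised TypeError and left the names printed afterwards
# undefined.
try:
    InUse = checkAMIinUse({"ImageID": "ami-094ef7a0cbb90a7c1"}, context)
except Exception:
    print ('Exception! AMI usage check failed.', sys.exc_info())
else:
    # Printed only when the check produced an answer.
    print (InUse)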

Get Latest tagged image (AMI)

$ aws ec2 describe-images --filters Name=tag:release,Values=Latest  Name=is-public,Values=false  --profile nonprod_admin | more 
{
    "Images": [
        {
            "Architecture": "x86_64",
            "CreationDate": "2019-09-01T09:26:52.000Z",
            "ImageId": "ami-01efb7e3b3f79ecf9",
            "ImageLocation": "057726927330/JS-AMZN2-AMI-CIS-L2-1567328875",
            "ImageType": "machine",
            "Public": false,
            "OwnerId": "057726927330",
            "State": "available",

Get Stopped Instances

#!/bin/bash
 
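# Print name tag, id, state and platform for every stopped instance.
# Step 1: one call lists the ids of all stopped instances as plain text.
if ! stopped_ids=$(aws ec2 describe-instances \
  --filters "Name=instance-state-name, Values=stopped" \
  --query 'Reservations[].Instances[].InstanceId' \
  --profile nonprod_admin --output text); then
  # Stop here: an empty list after a failed call would look like "nothing stopped".
  echo "describe-instances failed; no instance list available" >&2
  exit 1
fi

# Text output separates the ids with whitespace; split them into an array.
# read returns non-zero at end of input with -d '', which is expected here.
read -r -d '' -a ids <<<"${stopped_ids}" || true

# Step 2: describe each instance on its own.
for I in "${ids[@]}"; do
  aws ec2 describe-instances --instance-ids "${I}" \
    --query 'Reservations[*].Instances[*].[Tags[?(Key==`Name`)].Value, InstanceId,State.Name, Platform]' \
    --profile nonprod_admin
  #--out=table
done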

Security Groups

$ aws ec2 describe-network-interfaces --filters Name=group-id,Values=sg-0f99adeb1ca8f1892 --profile nonprod_admin
{
    "NetworkInterfaces": []
}

EC2 cli

aws ec2 describe-instances --region us-west-2

aws ec2 describe-instances --region us-west-2 --output table --filters "Name=instance-type,Values=t2.small"

# for region in `aws ec2 describe-regions --output text | \
cut -f3`; do aws ec2 describe-instances --region $region \
--query 'Reservations[].Instances[].[PrivateIpAddress,InstanceId,Tags[?Key==`Name`].Value[]]' \
--output text | sed '$!N;s/\n/ /'; \
done
 
10.0.6.10       i-30d917bb prod-001                                                                                                                  
10.0.0.112      i-33cc3902  EC2ContainerService-default                                                                                      
10.0.0.4        i-f1602579 prod-002
10.130.200.188  i-7c31a9f4 Repair 01
...edited...

EC2 metadata - get public ip address

$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    56  100    56    0     0  25282      0 --:--:-- --:--:-- --:--:-- 28000
[ssm-user@ip-10-0-0-251 2048]$ curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-ipv4 -w "\n"
52.25.145.1
$
 