EC2
Filters
Two filters can be combined with either AND or OR.
AND
Each filter goes in its own pair of quotes; note the space between the two quoted blocks:
--filters "Name=image-id, Values=ami-07cf57ebf50e78466" "Name=tag-key, Values=aws:autoscaling:groupName"
$ aws ec2 describe-instances --filters "Name=image-id, Values=ami-07cf57ebf50e78466" "Name=tag-key, Values=aws:autoscaling:groupName" --query 'Reservations[*].Instances[*].[InstanceId]' --profile nonprod_admin [ [ [ "i-05c83bdad5311253c" ] ], [ [ "i-0dbcfbdea9b501851" ] ] ]
OR
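Both filters are written inside one pair of quotes. (The EC2 API documents OR only between the values of a single filter, and AND between separate filters, so compare the result with a known inventory before relying on this form.)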
--filters "Name=image-id, Values=ami-07cf57ebf50e78466,Name=tag-key, Values=aws:autoscaling:groupName"
$ aws ec2 describe-instances --filters "Name=image-id, Values=ami-07cf57ebf50e78466,Name=tag-key, Values=aws:autoscaling:groupName" --query 'Reservations[*].Instances[*].[InstanceId]' --profile nonprod_admin [ [ [ "i-0983d97f816fdd9ea" ] ], ...edited.... [ [ "i-04d8e1a1de04d6bc6" ] ], [ [ "i-0dbcfbdea9b501851" ] ] ]
Using JMESPath
$ aws ec2 describe-instances --filters "Name=image-id, Values=ami-07cf57ebf50e78466" "Name=tag-key, Values=aws:autoscaling:groupName" --query 'Reservations[*].Instances[*].{ImageId:ImageId,Tags:Tags}' --profile nonprod_admin
GetListOfAccounts.py
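#!/usr/bin/env python
"""Show which AWS accounts an AMI has been shared with (its launch permissions)."""
import sys

import boto3

profile = 'nonprod_admin'
context = 'dummy'

session = boto3.session.Session(profile_name=profile)
ec2 = session.client('ec2')
ASsession = boto3.session.Session(profile_name=profile)
ec2as = ASsession.client('autoscaling')
# ec2 = boto3.client('ec2')
# ec2as = boto3.client('autoscaling')


def GetListOfAccounts(AMIimageID, context):
    """Return the launch permissions of one AMI.

    Args:
        AMIimageID: dict carrying the image id under the key 'ImageID'.
        context: not used by this function; kept so the signature is unchanged.

    Returns:
        The 'LaunchPermissions' list of the describe_image_attribute response.
        When auditing the result, note that an entry whose 'Group' is 'all'
        means the image is public, while 'UserId' entries name individual
        accounts.

    Raises:
        Exception: whatever the lookup raised, re-raised after the message
            is printed.
    """
    try:
        response = ec2.describe_image_attribute(
            ImageId=AMIimageID['ImageID'],
            Attribute='launchPermission',
        )
    except Exception:
        # The earlier version printed and then fell through to the return
        # below with `response` unbound, which hid the real error behind an
        # UnboundLocalError. Re-raise so a failed lookup is never mistaken
        # for "shared with nobody".
        print('Exception! Error with AWS response.')
        raise
    # print ('LC = ', response['LaunchPermissions'])
    return response['LaunchPermissions']


if __name__ == '__main__':
    # The earlier driver passed a name (AMIimageID) that was never defined, so
    # it always ended in its own "not enough arguments" message. That message
    # suggests the image id was meant to come from the command line, which is
    # what is done here -- NOTE(review): confirm this matches the intended use.
    if len(sys.argv) < 2:
        print('Exception! Not enough arguments supplied.')
        sys.exit(1)
    Accounts = GetListOfAccounts({'ImageID': sys.argv[1]}, context)
    print(Accounts)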
listOfAMI0lderThanX.py
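#!/usr/bin/env python
"""List the AMIs owned by this account that are at least a given number of days old."""
from datetime import date, datetime, timezone

import boto3

profile = 'nonprod_admin'
context = 'dummy'

session = boto3.session.Session(profile_name=profile)
ec2 = session.client('ec2')
# ec2 = boto3.client('ec2',region)


def getListOfAMI(agearguments, context):
    """Return the ids of self-owned AMIs whose age meets the threshold.

    Args:
        agearguments: dict with two keys. "Regex" is the value handed to the
            EC2 'name' filter (a wildcard pattern such as "*JS-AMZN2*", not a
            regular expression). "AGEthreshold" is the minimum age in days,
            as an int or a numeric string.
        context: not used by this function; kept so the signature is unchanged.

    Returns:
        A list of ImageId strings for images that are AGEthreshold days old
        or older. Age alone does not show whether an image is still referenced
        by running instances or launch configurations, so check that
        separately before deregistering anything from this list.
    """
    Regex = agearguments["Regex"]
    AGEthreshold = int(agearguments["AGEthreshold"])

    # CreationDate is a UTC timestamp (the trailing "Z"), so take today's date
    # in UTC as well. The local date could differ by one day around midnight.
    # It is computed once because it does not change between images.
    today = datetime.now(timezone.utc).date()

    # All AMIs owned by this account whose name matches the pattern.
    AMIResponse = ec2.describe_images(
        Filters=[{'Name': 'name', 'Values': [Regex]}],
        Owners=['self'],
    )

    AMIlist = []
    for image in AMIResponse['Images']:
        # Only whole days matter, so drop the time part after parsing.
        created = datetime.strptime(
            image['CreationDate'], '%Y-%m-%dT%H:%M:%S.%fZ').date()
        if (today - created).days >= AGEthreshold:
            AMIlist.append(image['ImageId'])
    return AMIlist


# Runs at module level, as before, so AMILIST stays available to importers.
AMILIST = getListOfAMI({"Regex": "*JS-AMZN2*", "AGEthreshold": "7"}, context)
print(AMILIST)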
CheckAMIinUse.py
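#!/usr/bin/env python
"""Check whether an AMI is still used by EC2 instances or Auto Scaling launch configurations."""
import sys

import boto3

profile = 'nonprod_admin'

session = boto3.session.Session(profile_name=profile)
ec2 = session.client('ec2')
ASsession = boto3.session.Session(profile_name=profile)
ec2as = ASsession.client('autoscaling')
# ec2 = boto3.client('ec2')
# ec2as = boto3.client('autoscaling')
context = ''


def _instances_using_ami(image_id):
    """Return the ids of all instances launched from image_id."""
    # CLI equivalent:
    # aws ec2 describe-instances --filters "Name=image-id, Values=<image id>"
    #   --query 'Reservations[*].Instances[*].[InstanceId]' --profile nonprod_admin
    # Paginated so that instances beyond the first page are not missed.
    pages = ec2.get_paginator('describe_instances').paginate(
        Filters=[{'Name': 'image-id', 'Values': [image_id]}])
    return [
        instance["InstanceId"]
        for page in pages
        for reservation in page["Reservations"]
        for instance in reservation["Instances"]
    ]


def _asg_uses_ami(image_id):
    """Return True when any Auto Scaling group's launch configuration uses image_id."""
    # Paginated: a single describe call returns only the first page of groups.
    pages = ec2as.get_paginator('describe_auto_scaling_groups').paginate()
    for page in pages:
        for group in page['AutoScalingGroups']:
            # Groups without a launch configuration name (such as groups built
            # from a launch template) have nothing to look up here. They are
            # skipped rather than raising KeyError, and are NOT checked.
            lc_name = group.get('LaunchConfigurationName')
            if not lc_name:
                continue
            for launch_conf in GetAllLaunchConf(lc_name)['LaunchConfigurations']:
                if launch_conf['ImageId'] == image_id:
                    return True
    return False


def checkAMIinUse(AMIimageID, context):
    """Report whether an AMI is in use.

    Args:
        AMIimageID: dict carrying the image id under the key 'ImageID'.
        context: not used by this function; kept so the signature is unchanged.

    Returns:
        True when at least one instance was launched from the image or an
        Auto Scaling launch configuration references it, otherwise False.
        If the instance lookup fails, the string
        'Exception! Error with AWS response' is returned, as before. It is
        truthy, so a caller that tests the result treats a failed lookup as
        "in use" instead of clearing the image for removal.

    Limitations:
        Auto Scaling groups that have no launch configuration name are not
        inspected, so an image referenced only by such a group that currently
        runs no instances is reported as unused.
    """
    try:
        image_id = AMIimageID['ImageID']
        EC2instance_ids = _instances_using_ami(image_id)
    except Exception:
        return ('Exception! Error with AWS response')

    if EC2instance_ids:
        return True
    # The earlier comparison tested each launch configuration's ImageId
    # against the whole AMIimageID dict, which never matched. Compare
    # against the id string instead.
    return _asg_uses_ami(image_id)


def GetAllLaunchConf(LCName):
    """Return the describe_launch_configurations response dict for one launch configuration name."""
    # CLI equivalent:
    # aws autoscaling describe-launch-configurations
    #   --launch-configuration-names "AJS launchconf1" --profile nonprod_admin
    GLCresponse = ec2as.describe_launch_configurations(
        LaunchConfigurationNames=[LCName],
    )
    return GLCresponse


if __name__ == '__main__':
    # checkAMIinUse returns a single value. The earlier driver unpacked three,
    # which always failed and was reported as "not enough arguments".
    InUse = checkAMIinUse({"ImageID": "ami-094ef7a0cbb90a7c1"}, context)
    print(InUse)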
Get Latest tagged image (AMI)
$ aws ec2 describe-images --filters Name=tag:release,Values=Latest Name=is-public,Values=false --profile nonprod_admin | more { "Images": [ { "Architecture": "x86_64", "CreationDate": "2019-09-01T09:26:52.000Z", "ImageId": "ami-01efb7e3b3f79ecf9", "ImageLocation": "057726927330/JS-AMZN2-AMI-CIS-L2-1567328875", "ImageType": "machine", "Public": false, "OwnerId": "057726927330", "State": "available",