Is it possible to tag AWS Lightsail snapshots?
From Tags in Amazon Lightsail | Lightsail Documentation:
The following Lightsail resources can be tagged in the Lightsail console:
Instances
Databases
Disks
DNS zones
Load balancers
Important: Snapshots created using the Lightsail console automatically inherit tags from the source resource. A Lightsail resource created from that snapshot will have the same tags that were present on the source resource when the snapshot was created.
The following resources can be tagged using the Lightsail API, AWS Command Line Interface (AWS CLI), or SDKs:
Database snapshots
Databases
Disk snapshots
...
So, it appears that tagging Snapshots requires you to use the Lightsail API, or the AWS CLI or programmatically via an SDK.
I used the AWS CLI like this:
aws lightsail tag-resource --resource-name WordPress-1-1620563255 --tags key=Department,value=Finance
The tag does not appear in the Lightsail console, but when I later ran aws lightsail get-instance-snapshots, the tag showed in the response.
As per the 'important' notice above, any tags on the instance will automatically be copied to any Snapshots, so that's probably an easier way to add a tag (if appropriate to your situation).
Related
I need to retrieve existing data/properties of a given resource by using an AWS Cloudformation template. Is it possible? If it is how can I do it?
Example 1:
Output: Security Group ID which allows traffic on port 22
Example 2:
Output: Instance ID which use default VPC
AWS CloudFormation is used to deploy infrastructure from a template in a repeatable manner. It cannot provide information on any resources created by any methods outside of CloudFormation.
Your requirements seem more relevant to AWS Config:
AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.
An AWS resource is an entity you can work with in AWS, such as an Amazon Elastic Compute Cloud (EC2) instance, an Amazon Elastic Block Store (EBS) volume, a security group, or an Amazon Virtual Private Cloud (VPC).
Using your examples, AWS Config can list EC2 instances and any resources that are connected to the instances, such as Security Groups and VPCs. You can easily click-through these relationship and view the configurations. It is also possible to view how these configurations have changed over time, such as:
When EC2 instance changed state (eg stopped, running)
When rules changed on Security Groups
Alternatively, you can simply make API calls to AWS services to obtain the current configuration of resources, such as calling DescribeInstances to obtain a list of Amazon EC2 instances and their configurations.
As of the date of this question I'm using the most recent version of the AWS CLI (2.4.6) running on macOS. According to the v2 docs the Instances that are returned should include properties like InstanceLifecycle, Licenses, MetadataOptions -> PlatformDetails and several others that are missing for me. While I'm getting back most data, some fields are absent... I've tried this is two separate AWS accounts and I have admin IAM creds that I'm using locally, why does the aws ec2 describe-instances call not return all of the fields listed in the docs?
Not all outputs is available for every ec2 instance, it depends on the way of provisioning of your ec2 instances.
Ex:
InstanceLifecycle: is exclusive if you provisioned the ec2 instance as spot instance or reserved one.
Licenses: If you used BYOL when provisioning EC2 (Bring your own license)
Extra.. The docs describe every possible output from querying ec2 api endpoint, but it depends on the different parameters of your provisioned ec2 instance.
For example, try to provision a spot instance, and query the instance lifecycle.
I am using the resourcegroupstaggingapi to return a list of resources so that I can check for non-compliancy (ie resources without appropriate tagging).
On the email that gets created daily, I keep seeing an RDS cluster that has been deleted (via console) for over a week now.
When I run "aws rds describe-db-cluster", I get an empty response (as expected) however if I run "aws resourcegroupstaggingapi get-resources --resource-type-filters rds", it returns the cluster that I have deleted along with its tags.
Is this a bug or does the resourcegroupstaggingapi somehow return all resources regarding of status?
Thanks,
Adam
Could you please double check your commands. The following:
aws rds describe-db-cluster
is only for Aurora and it will not list regular RDS databases. To list regular RDS databases, along with aurora ones, you have to use:
aws rds describe-db-instances
So maybe you are expecting regular databases to be deleted, but since you are using command only for Aurora, you think that there are no regular RDS instances? Similarly, you resource groups have been created for RDS instances, or DB clusters (Aurora)?
How can we know who has accessed AWS EBS snapshot which was publicly available?
I am not able to find the option in AWS management console
AWS CloudTrail would contain information about how Amazon EBS snapshots are used whithin your own AWS Account.
It is not possible to obtain information about how public/shared Amazon EBS snapshots have been used outside of your AWS Account.
on AWS Elasticsearch, is there convienient way to load data from one cluster into another ?
thx
You can do so by restoring a snapshot of your AWS Elasticsearch cluster, if you have enabled automated snapshot, while configuring the cluster.
You may want to take a look at the Working with Manual Index Snapshots (AWS CLI) section the in the below AWS Elasticsearch document?
Managing Amazon Elasticsearch Service Domains
Below is an excerpt:
Amazon Elasticsearch Service (Amazon ES) takes daily automated
snapshots of the primary index shards in an Amazon ES domain, as
described in Configuring Snapshots. However, you must contact the AWS
Support team to restore an Amazon ES domain with an automated
snapshot. If you need greater flexibility, you can take snapshots
manually and manage them in a snapshot repository, an Amazon S3
bucket.